[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] Hacked? Telnet gone, SSH gone, strange ports open
- Subject: RE: [cobalt-users] Hacked? Telnet gone, SSH gone, strange ports open
- From: "d e p e u p l e u r" <jmurillo@xxxxxxxxxxxxxx>
- Date: Tue May 22 04:38:10 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
I cannot uninstall SSH in order to reinstall it and get in, so I am thinking
of installing an earlier version of SSH instead, I got the SSH at EMEA,
where can I find a compatible prior version to the one found there?
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx]On Behalf Of Juan Carlos
Murillo
Sent: Friday, May 18, 2001 7:06 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] Hacked? Telnet gone, SSH gone, strange ports
open
Hello all,
We are running a RaQ3 and about a month ago our telnet prompt started
failing, it would display the OS info but not the login. After reading the
archives for a while and not finding an answer we decided to install SSH.
Now SSH is gone too and we cannot get into the machine other than from ftp.
I have run a port scan against our machine and got the following ports open:
21 FTP
25 SMTP
53 Domain
79 Finger ??
80 WWW
81 Hosts2-NS
110 POP3
143 IMAP
444 SNPP ??
514 SHELL - Automatic Remote Process Execution ????????????????????????????
1008 UFSD ??
NO SSH port. An we have this weird 514 port open.
What should I be looking for to determined if the server was compromised?
TIA
Depeupleur
_______________________________________________
cobalt-users mailing list
cobalt-users@xxxxxxxxxxxxxxx
To Subscribe or Unsubscribe, please go to:
http://list.cobalt.com/mailman/listinfo/cobalt-users