RE: [cobalt-users] Hacked? Telnet gone, SSH gone, strange ports open
- Subject: RE: [cobalt-users] Hacked? Telnet gone, SSH gone, strange ports open
- From: "d e p e u p l e u r" <jmurillo@xxxxxxxxxxxxxx>
- Date: Tue May 22 11:47:32 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
Hello again, I've gotten no answers and I was hoping someone would help us
with this because we are really stumped. We need to reinstall a shell from
the GUI because our Telnet and SSH are dead. How this happened we have yet
to find out. The telnet prompt prints out a message about the OS and dies:
Cobalt Linux release 5.0 (Pacifica)
Kernel 2.2.14C10 on an i586
[TELNET] INFO: DISCONNECTED
The SSH doesn't even respond:
[SSH] FAIL: CONNECT NOT SUCCESSFUL (SERVER/PORT/CONNECTION PROBLEM)
I don't see its port open. We were hoping that perhaps we could reinstall
an earlier SSH, a rlogin or rsh or something to get in, but cannot find a
package to use with the GUI.
BTW, I managed to find out that port 514, which is open on the machine, is
for rsh, a remote shell, which makes me believe the server's been tinkered with.
Help will be greatly appreciated.
Warm regards,
Juan
-----Original Message-----
From: cobalt-users-admin@xxxxxxxxxxxxxxx
[mailto:cobalt-users-admin@xxxxxxxxxxxxxxx] On Behalf Of Juan Carlos Murillo
Sent: Friday, May 18, 2001 7:06 PM
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: [cobalt-users] Hacked? Telnet gone, SSH gone, strange ports open
Hello all,
We are running a RaQ3 and about a month ago our telnet prompt started
failing, it would display the OS info but not the login. After reading the
archives for a while and not finding an answer we decided to install SSH.
Now SSH is gone too and we cannot get into the machine other than from ftp.
I have run a port scan against our machine and got the following ports open:
21 FTP
25 SMTP
53 Domain
79 Finger ??
80 WWW
81 Hosts2-NS
110 POP3
143 IMAP
444 SNPP ??
514 SHELL - Automatic Remote Process Execution ????????????????????????????
1008 UFSD ??
NO SSH port. And we have this weird 514 port open.
What should I be looking for to determine if the server was compromised?
TIA
Depeupleur