
[cobalt-users] [RaQ3] Cracked ?



Hi again folks,  just got home from our short July 4 vacation eager to get
back on my primary development machines and delve deeper into solving the
problems we've been experiencing in the last week.  I noticed right away
upon getting in that the server was down again.  I figured I'd do a quick
portscan, something I've been meaning to do the last couple of days since
installing ipchains and the pmfirewall.  So, the first portscan shows this:

Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
81/tcp     open        hosts2-ns
110/tcp    open        pop-3
137/tcp    filtered    unknown
138/tcp    filtered    unknown
139/tcp    filtered    unknown
443/tcp    open        unknown
444/tcp    open        unknown
3306/tcp   open        unknown

Not too bad I guess, I then noticed that all of our services were hung,
again, ssh, httpd, all stuck.  So, I reboot successfully via our new reboot
switch and then ssh in and turn on our pmfirewall.  I run another quick
portscan and now it shows this:

Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
81/tcp     open        hosts2-ns
110/tcp    open        pop-3
137/tcp    filtered    unknown
138/tcp    filtered    unknown
139/tcp    filtered    unknown
443/tcp    open        unknown
444/tcp    open        unknown
1524/tcp   filtered    unknown
3306/tcp   open        unknown
12345/tcp  filtered    NetBus
12346/tcp  filtered    NetBus
27665/tcp  filtered    Trinoo_Master
31337/tcp  filtered    Elite

Did I just enable some cracker's software with my reboot?  I downloaded the
latest chkrootkit and it shows server as fine.  Would the firewall cause
false positives for some reason?  Am I obviously and officially screwed as
far as this server is concerned now?  Thanks...

8(  Brad
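
Added example, not part of the original post: a Python sketch that diffs the two port tables above and groups the newly listed ports by state. nmap prints "filtered" when its probes get no reply, which is what a packet filter dropping them produces, while a listening service shows as "open". The names parse_scan and diff_scans are hypothetical.

```python
import re
# First port table from the post (scan taken before pmfirewall was enabled).
BEFORE = """\
22/tcp     open        ssh
25/tcp     open        smtp
53/tcp     open        domain
80/tcp     open        http
81/tcp     open        hosts2-ns
110/tcp    open        pop-3
137/tcp    filtered    unknown
138/tcp    filtered    unknown
139/tcp    filtered    unknown
443/tcp    open        unknown
444/tcp    open        unknown
3306/tcp   open        unknown
"""
# Second table: the same rows plus the five that appeared after the reboot.
AFTER = BEFORE + """\
1524/tcp   filtered    unknown
12345/tcp  filtered    NetBus
12346/tcp  filtered    NetBus
27665/tcp  filtered    Trinoo_Master
31337/tcp  filtered    Elite
"""

ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)$")

def parse_scan(text):
    """Map (port, proto) -> state for each row of an nmap port table."""
    ports = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # header and blank lines do not match and are skipped
            ports[(int(m.group(1)), m.group(2))] = m.group(3)
    return ports

def diff_scans(before, after):
    """Group differences between two scans by what changed."""
    old, new = parse_scan(before), parse_scan(after)
    report = {"new_open": [], "new_filtered": [], "changed": [], "gone": []}
    for key in sorted(new):
        if key not in old:
            report.setdefault("new_" + new[key], []).append(key[0])
        elif old[key] != new[key]:
            report["changed"].append((key[0], old[key], new[key]))
    report["gone"] = sorted(k[0] for k in old if k not in new)
    return report

print(diff_scans(BEFORE, AFTER))
```

Any port landing in new_open is a listener that was not there before and is the entry to investigate on the host itself (for example with netstat or lsof); here that list is empty and all five new rows are filtered.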