-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Again, unless you added a few users on your system and one of them
decided to run an irc server without asking you, i'd check lsof and
see exactly who's running this.. Try irc'ing to the port also and
find out where it's linked to etc. That could be useful if you really
were 0wned. :)

Cheers,
- -JD-

- -------
Jason DiCioccio
Evil Genius
Unix BOFH

- -----Original Message-----
From: Dag-Erling Smorgrav [mailto:desofug.org]
Sent: Monday, March 05, 2001 11:23 AM
To: dce
Cc: securityFreeBSD.ORG
Subject: Re: 31337

dce <dcesquish.org> writes:
> I have noticed the following ports open on my FreeBSD 4.2-STABLE
> machine
>
> 31337/tcp open Elite
> 6667/tcp open irc

You're owned. Take your box off the net, take a backup, reinstall
from
trusted media (preferably original CD-ROMs from BSDI), transfer data
(*no* executables, scripts or configuration files!) from backup. And
get some security clue; the security(7) man page is a good place to
start, though far from complete.

DES
- --
Dag-Erling Smorgrav - desofug.org

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.8 for non-commercial use <http://www.pgp.com>

iQA/AwUBOqPov1CmU62pemyaEQI5xwCeJTWMkDr6xvL71IxpZa/CwfHE4RcAn2R3
kwE9EtpODaAYuNm3v3U9HJ+o
=IpwS
-----END PGP SIGNATURE-----

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]