* Evren Yurtesen <yurtesenispro.net.tr> [010305 11:30] wrote:
> cant it be a person who has a shell and execute some daemons etc ? like
> ircd?
>
> why does he need to reinstall his system?

Because if the box is reporting port 31337 as the 'elite' service
it means someone most likely has modified /etc/services which
indicates that they have attained elevated privs somehow.

>
> Evren
>
> > dce <dcesquish.org> writes:
> > > I have noticed the following ports open on my FreeBSD 4.2-STABLE machine
> > >
> > > 31337/tcp open Elite
> > > 6667/tcp open irc
> >
> > You're owned. Take your box off the net, take a backup, reinstall from
> > trusted media (preferably original CD-ROMs from BSDI), transfer data
> > (*no* executables, scripts or configuration files!) from backup. And
> > get some security clue; the security(7) man page is a good place to
> > start, though far from complete.
> >
> > DES
> > --
> > Dag-Erling Smorgrav - desofug.org
> >
> > To Unsubscribe: send mail to majordomoFreeBSD.org
> > with "unsubscribe freebsd-security" in the body of the message
> >
>
>
> To Unsubscribe: send mail to majordomoFreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
-Alfred Perlstein - [brightwintelcom.net|alfredfreebsd.org]
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]