From: David G. Andersen (dgapobox.com)
Date: Mon Mar 05 2001 - 14:12:25 CST


    That's not correct. Nmap has the "Elite" service name built in to
    its nmap-services file. Mostly because of the obvious 5kr1p7 k11d13
    name mapping. His /etc/services is probably just fine.

       -Dave

    Lo and behold, Alfred Perlstein once said:
    >
    > * Evren Yurtesen <yurtesenispro.net.tr> [010305 11:30] wrote:
    > > can't it be a person who has a shell and executes some daemons etc.? like
    > > ircd?
    > >
    > > why does he need to reinstall his system?
    >
    > Because if the box is reporting port 31337 as the 'elite' service
    > it means someone most likely has modified /etc/services which
    > indicates that they have attained elevated privs somehow.
    >
    >
    > >
    > > Evren
    > >
    > > > dce <dcesquish.org> writes:
    > > > > I have noticed the following ports open on my FreeBSD 4.2-STABLE machine
    > > > >
    > > > > 31337/tcp open Elite
    > > > > 6667/tcp open irc
    > > >
    > > > You're owned. Take your box off the net, take a backup, reinstall from
    > > > trusted media (preferably original CD-ROMs from BSDI), transfer data
    > > > (*no* executables, scripts or configuration files!) from backup. And
    > > > get some security clue; the security(7) man page is a good place to
    > > > start, though far from complete.
    > > >
    > > > DES
    > > > --
    > > > Dag-Erling Smorgrav - desofug.org
    > > >
    > > > To Unsubscribe: send mail to majordomoFreeBSD.org
    > > > with "unsubscribe freebsd-security" in the body of the message
    > > >
    > >
    >
    > --
    > -Alfred Perlstein - [brightwintelcom.net|alfredfreebsd.org]
    >

    -- 
    work: dgalcs.mit.edu                          me:  dgapobox.com
          MIT Laboratory for Computer Science           http://www.angio.net/
    

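Added example, not part of the original message or of Nmap: a sketch of the distinction drawn above, that the name shown beside an open port is looked up by port number in the scanner's own services table and not read from the scanned host. The file excerpts, scan output and function names are constructed for illustration.

```python
import re

# Constructed excerpts; the real files are much longer.
SCANNER_SERVICES = """\
# scanner's own table (services layout: name port/proto ... # comment)
irc     6667/tcp    # Internet Relay Chat
Elite   31337/tcp   # constructed entry
"""
TARGET_ETC_SERVICES = """\
# /etc/services on the scanned host, unmodified (constructed)
ssh     22/tcp
irc     6667/tcp
"""
SCAN_OUTPUT = """\
31337/tcp open Elite
6667/tcp open irc
"""

def parse_services(text):
    """Map (port, proto) -> service name for a services-style file."""
    table = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments
        m = re.match(r"(\S+)\s+(\d+)/(\w+)", line)
        if m:
            table.setdefault((int(m.group(2)), m.group(3).lower()), m.group(1))
    return table

def label_sources(scan_text, scanner_text, target_text):
    """For each open port in the scan, report which table explains its label."""
    scanner = parse_services(scanner_text)
    target = parse_services(target_text)
    out = {}
    for m in re.finditer(r"^(\d+)/(\w+)\s+open\s+(\S+)", scan_text, re.M):
        key, label = (int(m.group(1)), m.group(2).lower()), m.group(3)
        out[key] = {
            "label": label,
            "in_scanner_table": scanner.get(key) == label,
            "in_target_services": target.get(key) == label,
        }
    return out

if __name__ == "__main__":
    results = label_sources(SCAN_OUTPUT, SCANNER_SERVICES, TARGET_ETC_SERVICES)
    for (port, proto), info in sorted(results.items()):
        print(port, proto, info)
```

With this sample data the "Elite" label is explained by the scanner's table alone, so the label says nothing about the state of the host's /etc/services; what is listening on the port has to be established on the host itself.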