|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: port 511. help needed.
From: Eagle C. Huang (demom
MS5.HINET.NET)Date: Thu Oct 26 2000 - 05:57:06 CDT
- Next message: bYm: "redhat 6 question"
- Previous message: ADIB AZHAR: "freeswan problem.."
- In reply to: Nazri Hussain: "port 511. help needed."
- Next in thread: Daniel Harrison: "Re: port 511. help needed."
- Reply: Eagle C. Huang: "Re: port 511. help needed."
- Reply: Daniel Harrison: "Re: port 511. help needed."
- Reply: Avery Payne: "The rpc.statd exploit is more common than you think..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
I recently found one of my friend's linux servers had been hacked via port
111 (rpc.statd ?)
The hacker replaced ls, find, netstat, ps... in this system tried to hide
some ssh deamon
which used port 511 for backdoor.
Try using
#strings ls
command to check if there's some weird entry point to a hidden file (such as
/usr/src/.puta ).
In that file you will find hacker's direcrtories or files.
Sorry for my poor English.
----- Original Message -----
From: Nazri Hussain <nazrihMIMOS.MY>
To: <FOCUS-LINUXSECURITYFOCUS.COM>
Sent: Wednesday, October 25, 2000 10:13 AM
Subject: port 511. help needed.
> hi everybody,
>
> recently, I've port scanned (using nmap) my own server and found that port
> 511 is open for connection. i was wondering what is port 511 used for
> ? can i close it and how ?
- Next message: bYm: "redhat 6 question"
- Previous message: ADIB AZHAR: "freeswan problem.."
- In reply to: Nazri Hussain: "port 511. help needed."
- Next in thread: Daniel Harrison: "Re: port 511. help needed."
- Reply: Eagle C. Huang: "Re: port 511. help needed."
- Reply: Daniel Harrison: "Re: port 511. help needed."
- Reply: Avery Payne: "The rpc.statd exploit is more common than you think..."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]