Hosting Provided By

Re: Compromised FBSD/Apache

From: Hernan Otero <bazhgo(at)techint.net>
Date: Mon Nov 18 2002 - 08:03:05 EST

('binary' encoding is not supported, stored as-is)
In-Reply-To: <138174789994.20021116081144@beldamar.com>

Do this

#fstat | grep internet | grep 127

and see what it show you....

You can see wath binary is bind to this port, and view wich user is running it too

Then is recomended do

#fstat | grep internet

And take a look for all Listen and Established communications

Netstat may be a compromised file...

Do you need help?

Bye Bye

-H

>Hello...

This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com Received on Wed Nov 20 07:46:42 2002

This message: [ Message body ]
Next message: Valdis.Kletnieks(at)vt.edu: "Re: Proxy server hit... Any ideas?"
Previous message: Hugo van der Kooij: "Re: Proxy server hit... Any ideas?"
In reply to: Greg S. Wirth: "Compromised FBSD/Apache"
Next in thread: D.C. van Moolenbroek: "Re: Compromised FBSD/Apache"
Reply: D.C. van Moolenbroek: "Re: Compromised FBSD/Apache"
Reply: Esler, Joel -- Sytex Contractor: "increased attacks on port 2599"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:01:51 EDT