[Herts] RE: Blade Server (Debian) compromised.
Cyberesque
cyberesque at softhome.net
Wed Jun 22 20:35:21 BST 2005
Can't help much only to say that port 31337 is well known for exploits
(spells eleet / elite in 'leet' speak). You've probably got some carder
or kiddie trying to sniff with Back Orifice - it doesn't necessarily
mean you are compromised, it just means someone is sniffing your
network, probably a script scanning a range of IP addresses.
Lexx
nicolas wrote:
>Hi,
>
>Currently running chkrootkit
>
>I think I have found the prob
>
>warning, got bogus tcp line.
>warning, got bogus tcp line.
>warning, got bogus tcp line.
>warning, got bogus tcp line.
>warning, got bogus tcp line.
>
>warning, got bogus tcp line.
>Checking `bindshell'... INFECTED (PORTS: 3049 31337)
>Checking `lkm'... chkproc: nothing detected
>Checking `rexedcs'... not found
>/proc/10835/fd: No such file or directory
>/proc/20980/fd: No such file or directory
>Checking `sniffer'... eth0: not promisc and no PF_PACKET sockets
>Checking `w55808'... not infected
>Checking `wted'... chkwtmp: nothing deleted
>Checking `scalper'... not infected
>
>For unknown reasons the firewall was not running.. it is now.. (horses
>etc..) I am busy googling but suggestions gratefully received.
>
>Regards
>Nicolas
>
>0797650 4148
>
>
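
One way to check what the `bindshell` line in the quoted chkrootkit output refers to (an added example, not part of the original thread or of chkrootkit): list the sockets actually in LISTEN state on ports 3049 and 31337 from `/proc/net/tcp`, then look for the process holding each socket. `SAMPLE`, `flagged_listeners` and `owners_of` are names made up for this example, and the sample rows are constructed.

```python
import glob
import os
import socket

FLAGGED_PORTS = {3049, 31337}   # ports from the chkrootkit line quoted above
TCP_LISTEN = "0A"               # state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not taken from the affected host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4101 1 c0de0000 300 0 0 2 -1
   1: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5252 1 c0de0040 300 0 0 2 -1
   2: 0100007F:0BE9 0100007F:8F3C 01 00000000:00000000 00:00000000 00000000  1000        0 6303 1 c0de0080 300 0 0 2 -1
"""

def flagged_listeners(proc_net_tcp_text, ports=FLAGGED_PORTS):
    """Return (ip, port, uid, inode) for each LISTEN socket on a flagged port."""
    hits = []
    for line in proc_net_tcp_text.splitlines()[1:]:       # skip the header row
        f = line.split()
        if len(f) < 10 or f[3] != TCP_LISTEN:             # short line or not listening
            continue
        addr_hex, port_hex = f[1].split(":")
        port = int(port_hex, 16)                          # ports are hex: 7A69 == 31337
        if port in ports:
            # Address bytes are reversed on little-endian hosts (assumed here).
            ip = socket.inet_ntoa(bytes.fromhex(addr_hex)[::-1])
            hits.append((ip, port, int(f[7]), int(f[9])))
    return hits

def owners_of(inode, proc_root="/proc"):
    """Return PIDs holding socket:[inode]; run as root to see other users' fds."""
    target = f"socket:[{inode}]"
    pids = set()
    for fd in glob.glob(os.path.join(proc_root, "[0-9]*", "fd", "*")):
        try:
            if os.readlink(fd) == target:
                pids.add(int(fd.split(os.sep)[-3]))
        except OSError:                                   # process or fd vanished mid-scan
            continue
    return sorted(pids)

if __name__ == "__main__":
    source = "/proc/net/tcp"
    text = open(source).read() if os.path.exists(source) else SAMPLE
    for ip, port, uid, inode in flagged_listeners(text):
        print(f"LISTEN {ip}:{port} uid={uid} inode={inode} pids={owners_of(inode) or 'none visible'}")
```

This covers IPv4 TCP only, and its answer is only as trustworthy as the running kernel, so on a host suspected of compromise compare it with a port check made from another machine.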