|
|
| [Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] |
Chuck Peters wrote:
>He shouldn't assume that its the rpc11 port that caused his exploit. It
>could be sendmail, ssh or apache if he hasn't updated security fixes of
>the past few months. lpr and X11 shouldn't be run as open ports on an
>Internet server. I would rebuild the box and start over, migrate data,
>triple check for exploits in the data migrated...
>
>Chuck Peters, Systems Administrator, Network Engineer and Linux Tech.
>StarrySkies Network, http://StarrySkies.com, publishing science articles
>since 1995. http://StarrySkies.Net, an online science community.
>http://StarryMessenger.Net, the weekly newsletter of StarrySkies.
>
>
>On 7 Nov 2002, Damon Brinkley wrote:
>
>
>
>>You need to find out what process is listening on that port and stop
>>it. Otherwise setup Iptables to block connections to that port.
>>
>>Damon
>>
>>On Thu, 2002-11-07 at 14:50, S. Khademi wrote:
>>
>>
>>>Dear friend.
>>>
>>>Recently one of my server attack by a person, he make a direstory in my
>>>/dev/ida/ path with .sys/aw name, I see open ports in my machine by nmap
>>>command and I see:
>>>
>>>Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
>>>Interesting ports on cisgate.iut.ac.ir (213.29.206.17):
>>>(The 1531 ports scanned but not shown below are in state: closed)
>>>Port State Service
>>>22/tcp open ssh
>>>25/tcp open smtp
>>>80/tcp open http
>>>111/tcp open sunrpc
>>>443/tcp open https
>>>515/tcp open printer
>>>993/tcp open imaps
>>>995/tcp open pop3s
>>>3128/tcp open squid-http
>>>6000/tcp open X11
>>>32774/tcp open sometimes-rpc11
>>>
>>> I don't know anything about sometimes-rpc11 port, and I don't know about
>>>this, How I can close this port, and what I must do for keep my server
>>>from attacking???
>>>And I want know how he attack my server.
>>>Ps. My OS is linux redhat 7.2
>>>By regards khademi
>>>
>>> --
>>>_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
>>> Soheila Khademi
>>> e-mail: khademy@yahoo.com
>>> soheila@maniac.sdc.uwo.ca
>>> Network Admin khademi@cc.iut.ac.ir
>>> Network Services
>>> Center For Information Services (CIS) http://www.iut.ac.ir
>>> Isfahan University of Technology (IUT) Tel: 98 311 3915840-1,45
>>> Isfahan, IRAN Fax: 98 311 3915805
>>>_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/_/
>>>
>>>
>>>
>>>
>>>------------------------------------------------------------------------
>>> To unsubscribe email security-discuss-request@linuxsecurity.com
>>> with "unsubscribe" in the subject of the message.
>>>
>>>
>>>
>>>
>>------------------------------------------------------------------------
>> To unsubscribe email security-discuss-request@linuxsecurity.com
>> with "unsubscribe" in the subject of the message.
>>
>>
>>
>
>------------------------------------------------------------------------
> To unsubscribe email security-discuss-request@linuxsecurity.com
> with "unsubscribe" in the subject of the message.
>
>
>
>
i say disconnect, dd, rebuild and analyze, not in this particular order,
but you get the point.
------------------------------------------------------------------------
To unsubscribe email security-discuss-request@linuxsecurity.com
with "unsubscribe" in the subject of the message.
[Home] [Fedora Announce] [Linux Crypto] [Kernel] [Netfilter] [Video for Linux] [Bugtraq] [USB] [Network Security] [Fedora Security]
|
|