Re: 2.0.33 attacked!

Alan Cox (alan@lxorguk.ukuu.org.uk)
Mon, 23 Mar 1998 21:54:34 +0000 (GMT)

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: TherP: "IBM DHEA irq problem"
Previous message: Alan Cox: "Re: NETBEUI support?"

> I picked this up from a friend who's computer was attacked, the attacker
> would only reveal that this is a big in 2.0.33.

No bug there

> Feb 22 15:04:36 nasa in.rshd[442]: connect from 200.231.198.213

Bozo tries to connect from an invalid port
> Feb 22 15:04:36 nasa rshd[442]: Connection from 200.231.198.213 on illegal
> port

Rsh kicks him off

> 5:04:38 nasa inetd[63]: shell/tcp server failing (looping), service
> terminated
> 5:07:35 nasa inetd[63]: auth/tcp server failing (looping), service
> terminated

Your machine is defending itself by shutting services off for a couple of
minutes. If they dont come back your inetd is old. If you dont want that
to occur change them to "wait.10000" in /etc/inetd.conf

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.rutgers.edu

Next message: TherP: "IBM DHEA irq problem"
Previous message: Alan Cox: "Re: NETBEUI support?"