Re: Server hacked?
- From: NoOp <glgxg@xxxxxxxxxxxxx>
- Date: Tue, 01 Jan 2008 14:48:47 -0800
On 01/01/2008 02:00 PM, Joris Dobbelsteen wrote:
[snips]
> The box has PostFix, PowerDNS, Apache2 and SSH exposed to the Internet.
> Unfortunately it's connected to the single LAN segment I have at home.
> Fortunately I have a strict firewall that doesn't allow IRC out (I don't
> use it, so I do not need to allow it).
> tcp 0 1 192.168.10.xx:60278 216.152.66.47:6667 SYN_SENT 15412/[kjournald]
> [trusted entries removed]
You have been hacked. There are a variety of trojans (Linux-related) that
use port 6667:
http://www.cert.org/advisories/CA-2002-24.html
<http://www.google.com/search?hl=en&q=Linux+trojan+%2B6667&btnG=Search>
<http://www.symantec.com/security_response/writeup.jsp?docid=2006-021417-0144-99&tabid=2>
<http://www.doshelp.com/Ports/6667.htm>
Is the system fully updated with all the recent Ubuntu patches/updates?
If so, you may want to contact the Ubuntu security team to let them know
and have them take a look.
https://launchpad.net/~ubuntu-security
https://bugs.launchpad.net/~ubuntu-security/
https://bugs.launchpad.net/debian/+source/ircii-pana/+bug/129771
[remote IRC servers can execute arbitrary commands]
--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
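The netstat line quoted in this message carries two indicators at once: an outbound connection to port 6667, and a socket owned by a process whose name is written like a kernel thread (real kernel threads hold no file descriptors, so `netstat -p` never attributes a socket to one). The following is an added example, not part of the original message, that triages `netstat -tnp` output for both; the function names are hypothetical, and every sample line except the one quoted in the thread is constructed.

```shell
#!/bin/sh
# Triage `netstat -tnp` output for the two indicators seen in this thread.
# Expected columns: Proto Recv-Q Send-Q Local Foreign State PID/Program

flag_suspicious() {
    awk '
    $1 ~ /^tcp/ && NF >= 7 {
        reason = ""
        # Indicator 1: foreign address on the IRC port (6667).
        if ($5 ~ /:6667$/) reason = "irc-port"
        # Indicator 2: program name in [brackets], imitating a kernel thread.
        prog = $7
        sub(/^[0-9]+\//, "", prog)          # drop the "PID/" prefix
        if (prog ~ /^\[.*\]$/)
            reason = (reason == "" ? "" : reason ",") "fake-kthread"
        # Output: reasons, PID/program, foreign address
        if (reason != "") print reason, $7, $5
    }'
}

# Constructed sample input; only the [kjournald] line comes from the thread.
sample_netstat() {
    cat <<'EOF'
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 192.168.10.xx:22 192.168.10.20:51514 ESTABLISHED 2301/sshd
tcp 0 1 192.168.10.xx:60278 216.152.66.47:6667 SYN_SENT 15412/[kjournald]
tcp 0 0 192.168.10.xx:2049 192.168.10.20:800 ESTABLISHED -
EOF
}

# On a live host, run as root: netstat -tnp | flag_suspicious
sample_netstat | flag_suspicious
```

A flagged PID can then be checked against `/proc/<pid>/exe`, which is an empty link for a genuine kernel thread and points to a binary on disk for a userland process using a bracketed name.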