Re: possibly hacked? Need some ideas please!
From: Kevin Handy (kth_at_srv.net)
Date: Sat, 14 Feb 2004 16:27:10 -0700
> I have a remote Linux box doing file/email/web serving for
> a small office behind a hardware firewall. All of a sudden
> none of the services are responding including SSH.
> Ports 21, 22, 25, 80, 110, 143, 443, and 993 are open on the
> firewall pointing to the Linux box.
> We are using the latest ProFTPD with NO anonymous access allowed.
> I have VNC to a desktop inside the LAN and I can ping the
> Linux box at 192.168.1.100. It responds to ping!
> But all the other services are NOT responding.
xinetd (inetd) may have crashed. I have seen it crash
frequently on a RedHat 7.1 system.
try '/etc/init.d/xinetd restart' and see if everything works again.
> I thought maybe the power went out and it is sitting waiting
> for filesystem check. If that was the case, it would not
> reply to ping right? Because the networking is not started right?
> I am lost and hope the box is not hacked...
> And ideas?