Re: possibly hacked? Need some ideas please!

From: Kevin Handy (kth_at_srv.net)
Date: 02/15/04


Date: Sat, 14 Feb 2004 16:27:10 -0700

Andy wrote:
> I have a remote Linux box doing file/email/web serving for
> a small office behind a hardware firewall. All of a sudden
> none of the services are responding including SSH.
>
> Ports 21, 22, 25, 80, 110, 143, 443, and 993 are open on the
> firewall pointing to the Linux box.
>
> We are using the latest ProFTPD with NO anonymous access allowed.
>
> I have VNC to a desktop inside the LAN and I can ping the
> Linux box at 192.168.1.100. It responds to ping!
>
> But all the other services are NOT responding.

xinetd (inetd) may have crashed. I have seen it crash
frequently on a RedHat 7.1 system.

try '/etc/init.d/xinetd restart' and see if everything works again.

> I thought maybe the power went out and it is sitting waiting
> for filesystem check. If that was the case, it would not
> reply to ping right? Because the networking is not started right?
>
> I am lost and hope the box is not hacked...
>
> And ideas?
>
>