
RE: [cobalt-security] Re: [cobalt-users] ssh on port 44658???



On Tue, 17 Apr 2001, you wrote:
> I've found that "/usr/sbin/nscd" is the responsible program for that port
> being open. I don't know what that program is, as it is not found on our
> backup RaQ4 server (which mind you has a lot less updates and programs
> installed).
> I know that my server is now untrustworthy, but would it be a good idea to
> rename/delete this file in the meantime?

There's a small risk that you have the 't0rnkit' rootkit installed on your
RaQ4. You can read more about this at CERT:

http://www.cert.org/incident_notes/IN-2000-10.html

If your RaQ4 has been hacked, as seems likely, my recommendation is that you
immediately make a safe copy of all important data and then reinstall the
operating system from scratch, install all patches and disable all services
that you do not need. If you merely disable nscd, there is a risk that the
hackers will find out that you're on to them and wipe your entire disk or
something equally nasty. 

Sincerely, 
Ake Brannstrom