[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] socks & sunrpc on a netstat?
- Subject: Re: [cobalt-security] socks & sunrpc on a netstat?
- From: shimi <shimi@xxxxxxxxxxxxxxxx>
- Date: Sat, 21 Apr 2001 23:44:10 -0700 (PDT)
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
>
> > Also, sunrpc is a big headache - tons of security issues, even if
> it's
> > legit, i would close it...
>
> Umm, I would if I knew how? *meek smile*
> I tried 'man sunrpc' and my lovely blue headache told me to go pound
> sand. I'll try digging through the archives, though (I do try to RTFM
> when I have an inkling on what to look for.)
>
with the programname fron netstat -pl, type:
killall -9 <program name>
then go to /etc/init.d and see where it loads from.
BUT if the process name is INETD
don't(!) kill it (tm)
it's the internet-super-daemon (as I guess you already know)...
what the cracker (script kiddie, most of the time) did was adding a line
to /etc/inetd.conf, to listen on one of the ports (rpc/socks) and spawn a
rootshell when telnetting in.
you can know by simply telnetting to your machine at that port. if you get
an "sh" prompt, that's the trick ;P
> Thank you Shimi!
>
> CarrieB
np.