[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-security] hacked - please help! - my server scans port 53 on serval nets

Subject: Re: [cobalt-security] hacked - please help! - my server scans port 53 on serval nets
From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
Date: Sat, 30 Nov 2002 16:18:08 +0100
Organization: SOLARSPEED.NET
List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>

Hi Armin,

> two days ago i got some mails that my server scans serveral networks for
> dns-port 53.

As said, port 53 is DNS. So if you are running a DNS server on your box, then 
there is a small chance that this was legitimate traffic.

> should i update my os-sftware? (the last time i did the server crashed and
> i had to reinstall it, so in only installed "RaQ4-All-Security Release
> 1.0.1-8762".)

If RaQ4-All-Security Release 1.0.1-8762 is the only patch you have installed, 
then your server has around 30 locally and remotly exploitable security 
holes. It would be a small miracle if you have *not* been hacked. Yet.

-- 

With best regards,

Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer

References:
- [cobalt-security] hacked - please help! - my server scans port 53 on serval nets
  - From: Armin Baldemair @ ARMIXnetworks.com

Prev by Date: Re: [cobalt-security] hacked - please help! - my server scans port 53 on serval nets
Next by Date: [cobalt-security] how to config ipchains?
Previous by thread: [cobalt-security] in regards to a raq 550
Next by thread: [cobalt-security] explanation of chkrootkit results

Sun Cobalt Security Message Index

Sun Cobalt Security Thread Index