[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] hacked - please help! - my server scans port 53 on serval nets
- Subject: Re: [cobalt-security] hacked - please help! - my server scans port 53 on serval nets
- From: Michael Stauber <cobalt@xxxxxxxxxxxxxx>
- Date: Sat, 30 Nov 2002 16:18:08 +0100
- Organization: SOLARSPEED.NET
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Hi Armin,
> two days ago i got some mails that my server scans serveral networks for
> dns-port 53.
As said, port 53 is DNS. So if you are running a DNS server on your box, then
there is a small chance that this was legitimate traffic.
> should i update my os-sftware? (the last time i did the server crashed and
> i had to reinstall it, so in only installed "RaQ4-All-Security Release
> 1.0.1-8762".)
If RaQ4-All-Security Release 1.0.1-8762 is the only patch you have installed,
then your server has around 30 locally and remotly exploitable security
holes. It would be a small miracle if you have *not* been hacked. Yet.
--
With best regards,
Michael Stauber
mstauber@xxxxxxxxxxxxxx
Unix/Linux Support Engineer