[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[cobalt-security] PORT 113, AUTH (in.ident)
- Subject: [cobalt-security] PORT 113, AUTH (in.ident)
- From: "lists" <lists@xxxxxxxxxxxxxxxx>
- Date: Tue, 17 Feb 2004 08:34:17 -0500
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Is this a normal thing to have uncommented in inetd.conf??
I am trying to figure out where an attacker is getting in, nothing shows in
the logs whatsover, yet the attacked can server wide deface all index.html's
and alike.
/usr/sbin/in.ident has a normal wtime of Sept, 1999 which means it wasnt
altered... right?
Any ideas?
Dave