| View previous topic :: View next topic |
| Author |
Message |
heathkit
n00b
Joined: 23 Apr 2002
Posts: 38
|
 Posted: Sun Dec 08, 2002 5:32 pm Post subject: Unauthorized psyBNC server |
 |
|
I just did a random nmap on my media playing box, and I discovered it's running a service on port 31337. This is what I get when I connect:
:Welcome!psyBNC@lam3rz.de NOTICE * :psyBNC2.3.1
Which, according to my research, is the default install of psyBNC, a bounce server. Unfortunately, this is all I know. I have no idea how long it's been there, what's been compromised, or even what process is running this thing. Any advice? |
|
| Back to top |
|
 |
heathkit
n00b
Joined: 23 Apr 2002
Posts: 38
|
| Posted: Sun Dec 08, 2002 5:54 pm Post subject: |
|
|
I think I found the origin. I'm finding some files all modified the exact same date and time.
/usr/lib/misc/pt_chown
/usr/lib/misc/sftp-server
/usr/lib/misc/ssh-keysign
/var/empty
/etc/ssh/moduli
/etc/ssh/sshd_config
in sshd_config, everything is commented out, except for this line at the bottom:
#Subsystem sftp /usr/lib/misc/sftp-server
So, I think I understand what's going on here. Can anybody shed some light on this for me? |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
