[lug] eth0: tx interrupt but no status

Paul Bille paul at ebille.cudenver.edu
Mon Dec 10 23:34:33 MST 2001


> Haven't heard of anything on 3409. Run this to see what is listening
there, if anything:
> fuser -v -u -n tcp "3409" -n udp "3409"

fuser doesn't report anything, either tcp or udp on 3409.  I guess that's
good.

3409 is a high port that users can write applications to listen on.  It
would be bad if a foreign application was listening on 3409.

I don't know details of the BIND overflow scheme but I understand that
blocks of memory get sent back to a server, essentially a memory dump across
the net.  They then scan the dump for the root password, come back and log
on as root and mess up the system.

Thanks,
Paul
http://bille.cudenver.edu/author




More information about the LUG mailing list