Hi,
I've gotten two emails in the last two months stating that my machine was
used to run a port scan.
I've been searching logs, but find FTP Connection Refused message, and I've
also looked for the Lion & Raman viruses.
I've also check for cron jobs (weekly, monthly, etc).
My inetd.conf has ftp enabled, everything else is commented out.
I start sshd from rc.local.
Below is a list of daemon that are running.
Today I noticed that my rc.sysinit was dated July 5, 2001, and the email I
just got said my machine ran a port scan on July 4, 2001.
Does the date of the rc.sysinit script change?
Is it possible that someone is spoofing my address?
Any ideas how I can track this down?
Thanks!!!
Anne
rond Automatic Running x x
x xdhcpd Manual
x x
x xfirewall Enabled
x x
x xgated Manual
x x
x xgpm Automatic
Running x x
x xhttpd Automatic
Running x x
x xidentd Automatic
Running x x
x xinet Automatic
Running x x
x xinnd Manual
x x
x xipchains Manual
x x
x xirda Manual
x x
x xisdn Automatic
x x
x xkdcrotate Manual
x x
x xkeytable Automatic
Running x x
x xkrb5server Manual
x x
x xkudzu Automatic
Running x x
x xldap Manual
x x
x xlinuxconf Automatic
x x
x xlpd Automatic
x x
x xmars-nwe Manual
x x
x xmcserv Manual
x x
x xnamed Manual
x x
x xnetfs Automatic
Running x x
x xnetwork Automatic
Running x x
x xnfs Manual
x x
x xnfslock Automatic
x x
x xnscd Manual
x x
x xpcmcia Automatic
x x
x xphhttpd Manual
x x
x xportmap Automatic
x x
x xpostgresql Manual
x x
x xpulse Manual
x x
x xpvmd Manual
x x
x xpxe Manual
x x
x xrandom Automatic
Running x x
x xreconfig Automatic
Running x x
x xrouted Manual
x x
x xrstatd Manual
x x
x xrusersd Manual
x x
x xrwalld Manual
x x
x xrwhod Manual
x x
x xsendmail Manual
x x
x xserial Automatic
Running x x
x xsmb Manual
x x
x xsnmpd Manual
x x
x xsquid Manual
x x
x xsshd Automatic
x x
x xsyslog Automatic
Running x x
x xxfs Automatic
Running x x
x xxntpd Manual
x x
x xypbind Manual
x x
x xyppasswdd Manual
x x
x xypserv Manual
x x
x mqqqqq
phone: (303) 447-2774 speak "Anne George"
email: ageorge at goldsys.com
**************************************************
Gold Systems does Speech Recognition ... just speak the first and last name
of the person you are trying to reach
****************************************************************************
************
****************************************************************************
************
People of Altitude - www.stvrainwatchdogs.org
"You did then what you knew how to do. When you knew better you did
better." - Maya Angeleou
****************************************************************************
************