On Fri, Mar 31, 2000 at 16:22 -0800, Chrissy wrote:
chrissy@rox:~ > /usr/sbin/named -v
named 8.2.2-P3 Sun Nov 14 20:46:41 GMT 1999
IIRC "-P5" is out, you might find the appropriate discussions on securityfocus.com and freebsd.org. But since I don't run any _public_ DNS servers I really didn't care any further.
While doing a portscan.. I noticed a weird port.. 687 .. any clues?
When /etc/services doesn't reveal anything, you might want to look at nmap's services file which is more comprehensive. You can check out the links below.

http://www.robertgraham.com/pubs/firewall-seen.html
http://advice.networkice.com/advice/Exploits/Ports/

And always do something like "fuser -v -n tcp 687". You could run login daemons on port 80 or mail servers on port 53 -- nobody said a service had to "conform" to an /etc/services entry, these are just hints or symbolic names for pure comfort.
an rpm -Va showed nothing odd...
I'm not sure at the moment whether this would show any _added_ files. I guess it only checks for manipulation of initially installed files (entered into the rpm database).

And did you check all the modifications not only for reasonability but for their _full_ change against the initial state? You can expect to have /etc/inittab look different from the installation time, but did you look _what_ is the difference?

And while we're at this: which database did you check against? There's no point in believing in ls(1), lsmod(8) or rpm(1) on a broken system. Grab an unmodified version to check with (rescue system from CD, frozen rpm database right after installation, etc). Set up an IDS like tripwire which comes with most distros these days.

virtually yours 82D1 9B9C 01DC 4FB4 D7B4 61BE 3F49 4F77 72DE DA76
Gerhard Sittig true | mail -s "get gpg key" Gerhard.Sittig@gmx.net
--
If you don't understand or are scared by any of the above ask your parents or an adult to help you.
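
An added example, not part of the original mail: a minimal baseline check in the spirit of the advice above, reporting files that were added, changed or removed relative to a snapshot taken on a known-good system. The function names, the hash-list format and the paths in the usage comment are assumptions of this example; it expects GNU `sha256sum`, `find`, `sort` and `xargs`.

```shell
#!/bin/sh
# Added example (hypothetical helper names). Intended use:
#   right after installation:  snapshot /        > /mnt/offline/baseline
#   later, from a rescue boot: compare /mnt/offline/baseline /mnt/sysroot
# Keep the baseline off the machine and run the tools from trusted media.

# snapshot DIR: print "<sha256>  <relative path>" for every regular file.
snapshot() {
    ( cd "$1" && find . -type f -print0 | LC_ALL=C sort -z \
        | xargs -0 -r sha256sum )
}

# compare BASELINE DIR: print one ADDED/CHANGED/MISSING line per difference.
# Returns 0 if the tree matches the baseline, 1 if it differs, 2 on error.
compare() {
    baseline=$1
    dir=$2
    current=$(mktemp) || return 2
    snapshot "$dir" > "$current"
    awk '
        # sha256sum line layout: 64 hex digits, two separator chars, path.
        { hash = substr($0, 1, 64); path = substr($0, 67) }
        # First file is the baseline; FILENAME (not NR==FNR) is used so an
        # empty baseline still flags every current file as ADDED.
        FILENAME == ARGV[1] { base[path] = hash; next }
        !(path in base)     { print "ADDED   " path; bad = 1; next }
        base[path] != hash  { print "CHANGED " path; bad = 1 }
                            { seen[path] = 1 }
        END {
            for (p in base)
                if (!(p in seen)) { print "MISSING " p; bad = 1 }
            exit bad + 0
        }
    ' "$baseline" "$current"
    rc=$?
    rm -f "$current"
    return $rc
}
```

The ADDED lines are the case a package-database verification does not cover, since such files were never entered into the database.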