All: I have SuSE 8.1 Profesional running on a machine that appears to have port 33270 open. I found this as a result of running "saint". Saint reports this to be a possible problem. Description: Trinity is a Distributed Denial of Service tool that is controlled by IRC. In the version that the X-Force has been analyzing, the agent binary is installed on a Linux system at /usr/lib/idle.so. When idle.so is started, it connects to an Undernet IRC server on port 6667 What to do: Scan all systems for port 33270 connections. If any connections are found, telnet to that port and type "!@#". A system has been compromised if there is a root shell present after a successful connection to port 33270 In doing the above from another SuSE linux machine I get: #telnet linuxmachine 33270 Trying 172.20.1.99... Connected to linuxmachine. Escape character is '^]'. and then typing the "!@#" I get: Connection closed by foreign host. While this is good. I don't know what on my system is responding to this port. An "lsof -i TCP:33270" returns nothing. netstat -ea shows tcp 0 0 *:33270 *:* LISTEN root 31464 Can anybody tell me if I should start to panic! Or what this could be. Thanks - Paul