Re: Strange events...
On Sun, Aug 26, 2001 at 01:56:44PM +0200, Jaan Sarv wrote:
>
> > 245 ? S 0:58 /usr/sbin/sshd
> > 8244 ? S 0:03 \_ /usr/sbin/sshd
> > 8245 pts/1 S 0:00 | \_ -bash
> > 8441 ? S 0:01 \_ /usr/sbin/sshd
> > 8444 pts/2 S 0:00 | \_ -bash
> > 9237 ? S 0:05 \_ /usr/sbin/sshd
> > 9242 pts/3 S 0:00 \_ -bash
> > 9610 pts/3 R 0:00 \_ ps afx
> > 9611 pts/3 S 0:00 \_ more
>
> pts/3 is you. 1 and 2 seem to be hax0rs online (or did you open 3 ssh
> sessions?).
yes, i have opened some ssh session, is not hax0rs online...:)
>
> > Is absolutely normal, no strange processes or something strange.
>
> Strange enough for me.
>
> > finally i report the state port in listening
> > sgala2:/var/log/ippl# lsof -i |grep LISTEN
> > psybnc 4018 sgala 3u IPv4 216645 TCP *:31337 (LISTEN)
>
> What is psybnc, who is sgala and why is it listening on port 31337 ?
psybnc is a bnc, sgala i'm. and listening on 31337 because i need to connect to this port...:) this is absolutely normal..
>
> > sshd 8244 root 6u IPv4 537338 TCP *:6010 (LISTEN)
> > sshd 8441 root 6u IPv4 537997 TCP *:6011 (LISTEN)
> > sshd 9237 root 6u IPv4 539149 TCP *:6012 (LISTEN)
>
> Bogus ssh daemons, I presume.
>
mhm:°°° Debian potato deamon..mhm
> > Now I'm in doubt... what is happened?...
>
> 99.99% sure that you got rooted.
good.. but the cracker has not left no gifts..:°°
terrible...
>
> PULL THE PLUG!
> Investigate.
> Find the hole.
> Learn.
> Find the bastards.
> Revenge! ;)
:)))
>
> > Sorry for my bad english... I'm a small italian guy...:))
>
> Can't beat you on that.
i don't understand this expression, sorry.
best regarsd!
Matteo
--
Matteo Sgalaberni | Web : http://www.sgala.com
-- | E-Mail : matteo@sgala.com
System and Application Engineer |
-------------------------------------------------------------------------------
Reply to: