Re: suspicious lpd started
I just want to add that lpd is not listening on any port according to lsof
or netstat.
On February 11, 2003 11:57 am, bill07@shaw.ca wrote:
> Hi,
>
> 3 days after starting my potato system, lpd started to run.
> System started Feb 6.
> ps output:
> USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
> root 6833 0.0 1.3 1052 412 ? S Feb09 0:00 /usr/sbin/lpd
> root 6836 0.0 1.5 1076 468 ? S Feb09 0:00 /usr/sbin/lpd
> or
> root 6833 0.0 1.3 1052 412 ? S Feb09 0:00 /usr/sbin/lpd
> root 6836 0.0 1.5 1076 468 ? S Feb09 0:00 \_ /usr/sbin/lpd
>
>
> lpd is not in startup or any cron job. daemon.log is clean with no
> evidence of it starting. No apparent rootkits, connections, and
> last/lastlog is clean. How can this happen? Any ideas? I have bind
> running on port 53 (everything else is filtered).
>
> Thanks