Re: Is this a compromise and how?

From: Matthew Dharm (mdharm-kernel@one-eyed-alien.net)
Date: Thu Dec 14 2000 - 03:58:26 EST


On Thu, Dec 14, 2000 at 12:53:46AM -0800, brian@worldcontrol.com wrote:
> Sorry if this is too far off topic, but it seems to me the
> kernel may be helping in this break-in or maybe some magic
> aspect of the filesystem.

I doubt that.... from this description, you've been hacked. Even if your
/etc/inetd.conf is in good shape, it looks like someone got in.

I'm guessing that your ls was also hijacked. You're using RedHat, so try
the rpm -V command to verify that the ls binary is the same as what should
be in the package. While you're at it, verify the package is the right one
(compare to a CD or distr ftp site).

Out of curiosity, are you running portmap? Perhaps BIND? There are lots
of potential culprits here -- but I suggest you verify all of your binaries
and go back and upgrade everything on your system, as well as re-visit the
issue of what daemons are started up at boot time.

Matt Dharm

-- 
Matthew Dharm                              Home: mdharm-usb@one-eyed-alien.net 
Maintainer, Linux USB Mass Storage Driver

C: They kicked your ass, didn't they?
S: They were cheating!
                                        -- The Chief and Stef
                                        User Friendly, 11/19/1997





This archive was generated by hypermail 2b29 : Fri Dec 15 2000 - 21:00:28 EST
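
The `rpm -V` check suggested in the message above, as an added example that is not part of the original post: a small filter that reads `rpm -V` / `rpm -Va` output and lists files that are missing or whose digest no longer matches the package database, skipping config files that are normally edited. The function names and the sample lines are constructed for illustration. It assumes paths without spaces and that `rpm` and its database are themselves trustworthy, which is why the message also says to compare the package against a CD or distribution site.

```shell
#!/bin/sh
# Added example: triage `rpm -V` output for files whose contents changed.
# Each line of output has the form:  <flags> [attribute] <path>
#   flags:     one character per test; "5" means the file digest differs
#              from the package database, "." means that test passed.
#   attribute: "c" marks a config file; plain binaries have no marker.
# A file absent from disk is reported as "missing <path>".

# Read rpm -V output on stdin; print one line per suspect file.
suspect_files() {
    awk '
        $1 == "missing" {
            print "MISSING " $NF
            next
        }
        # "5" is only ever used for the digest test in the flag string.
        index($1, "5") > 0 {
            # Locally edited config files are expected to differ; skip them.
            if (NF == 3 && $2 == "c") next
            print "CHANGED " $NF
        }
    '
}

# Constructed sample of `rpm -Va` output (not taken from the thread).
sample_output() {
    cat <<'EOF'
S.5....T.    /bin/ls
S.5....T.  c /etc/inetd.conf
.......T.    /usr/bin/top
missing      /usr/sbin/tcpd
..5....T.    /bin/ps
EOF
}

# On a live system this would be:  rpm -Va | suspect_files
sample_output | suspect_files
```

A `CHANGED` line for something like `/bin/ls` is the case the message is concerned with; a timestamp-only difference (`T` alone) is not reported.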