Think aboout it.

1,095 registered users | 0 active users | 0 LpH | Statistics
Login | Create New User

Welcome to IWETHEY!

Post #162,580 by folkert 7/1/04 11:10:03 PM Reply	Think aboout it. What proceess runs as root, is a listening process, and run things based on that info? inetd or xinetd. It may listen, but won't respond. Oh, someone or something was looking for the "t0rn rootkit" which happens to listen on 33051 if available or 2222 if not. Also: host -t ptr 66.35.250.210\n210.250.35.66.in-addr.arpa is an alias for 210.0/24.250.35.66.in-addr.arpa.\n210.0/24.250.35.66.in-addr.arpa domain name pointer vhost.sourceforge.net. Kinda explains it, might be a service that is checking for the rootkits. -- [link\|mailto:greg@gregfolkert.net\|greg], [link\|http://www.iwethey.org/ed_curry\|REMEMBER ED CURRY!] @ *i_wethey* Heard near the SCOG employee entry/exit way: `Security: We got another Mass Exodus Doorway Jam.`
Post #162,584 by drewk 7/1/04 11:25:36 PM Reply	I suspected it's something looking/trying a rootkit But the addy returns as sourceforge. I hope there's nothing in their range trying to root people. Time to start learning about security and install a firewall. === Implicitly condoning stupidity since 2001.
Post #162,656 by FuManChu 7/2/04 12:26:28 PM Reply	Time to START? You'll have to change your sig, then. ;)

How do I track down what was using my connection? - (drewk) - (4) - July 1, 2004, 10:36:20 PM EDT

Think aboout it. - (folkert) - (2) - July 1, 2004, 11:10:03 PM EDT

I suspected it's something looking/trying a rootkit - (drewk) - (1) - July 1, 2004, 11:25:36 PM EDT

Time to START? You'll have to change your sig, then. ;) -NT - (FuManChu) - July 2, 2004, 12:26:28 PM EDT

Looked at my firewall log - (Arkadiy) - July 2, 2004, 11:30:58 AM EDT

No, you seem to have made an odd number of sign errors.
61 ms