[vox] Well, I now feel like an idjut.

Popped over to one of my home machines (erebus.agentsix.net), which acts
as a sort of multi-server (web/mail/shells for some friends/etc).
Wanted to check to see how many times my Apache logs say,
"NNNNNNNNNNNNN" (for the Code Red worm)...69 if anyone is curious.
*grin*

As I was poking around, I brought up a process list and a list of open
sockets with ps and netstat, respectively...and noticed instantly that
my machine was listening for incoming connections on ports 6010 and
6011.

I have no services running on these ports.

Needless to say, I was a bit perturbed...double-checked the process list
(and the one in /proc), telnetted into the ports (which responded, but
didn't produce any data). Crap. This after I've spent quite a happy
amount of time handling security on this machine (wrote my own custom
tripwire hack, do regular auditing, loghost is a separate machine).

Turns out they were the X11 forwarding ports for sshd. Sheesh. I 0wned
myself. *grin*

Not as bad as the time I did "cp /usr/X11R6.old/bin/* /usr/X11R6/bin/"
(note the lack of "-i", and that this was after spending about four
hours building X...)

--
Don Werve <donw@examen.com>
Jr. Unix System Administrator
"Fear is the mind-killer." (Frank Herbert)