[RH List] Re: Possible break-in
Ashley M. Kirchner
ashley at pcraft.com
Thu May 13 19:07:03 UTC 2004
Manuel Nauta wrote:
>Just curious, was this server behind a firewall? If so, what
>kind and what ports were open?
>
Open ports are:
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
111/tcp open rpcbind
587/tcp open submission
3306/tcp open mysql
Looking at the sizes of some of these binaries, they've all grown:
Original (from RPM) Modified
-----------------------------------------------------------------------------
/usr/bin/gs 3,196,892 /usr/bin/gs
3,206,552
/usr/bin/pngtopnm 15,008 /usr/bin/pngtopnm
17,420
/usr/bin/pnmtopng 25,120 /usr/bin/pnmtopng
27,920
/usr/bin/pnmalias 8,620 /usr/bin/pnmalias
10,420
/sbin/ip 97,468 /sbin/ip
101,452
/sbin/rtmon 18,044 /sbin/rtmon
19,504
/sbin/tc 116,604 /sbin/tc
122,064
/usr/lib/libcupsimage.so.2 73,892 /usr/lib/libcupsimage.so.2
75,348
/usr/lib/libpng12.so.0.1.2.2 142,572 /usr/lib/libpng12.so.0.1.2.2
143,928
--
W | I haven't lost my mind; it's backed up on tape somewhere.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:ashley at pcraft.com> . 303.442.6410 x130
IT Director / SysAdmin / WebSmith . 800.441.3873 x130
Photo Craft Laboratories, Inc. . 3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
More information about the redhat-list
mailing list