there's a hacker!

Brad Thu, 18 May 2000 21:20:21 -0700
Dear all,
I am a newbie as a administrator of company's workstations.
Now I find(use "netstat") someone use Scorpio(one of workstaions) as a 
tcp proxy server at port 60400, but I don't know how to stop 
it.I used the "ps" command, it displayed as follows:
     UID   PID  PPID  C    STIME TTY      TIME CMD
    root     0     0  0   Jul 02 ?        0:09 sched
    root     1     0  0   Jul 02 ?        1:33 /etc/init -
    root     2     0  0   Jul 02 ?        0:57 pageout
    root     3     0  0   Jul 02 ?       1213:20 fsflush
    root   268   233  0   Jul 02 ?        1:15 /usr/openwin/bin/Xsun :0 -nobannd
    root   135     1  0   Jul 02 ?        0:24 /usr/sbin/inetd -s
    root   264     1  0   Jul 02 ?        0:00 /usr/lib/saf/sac -t 300
    root   115     1  0   Jul 02 ?        0:11 /usr/sbin/rpcbind
    root   107     1  0   Jul 02 ?        2:57 /usr/sbin/in.routed -q
    root   117     1  0   Jul 02 ?        0:00 /usr/sbin/keyserv
    root   207   196  0   Jul 02 ?        0:00 lpNet
    root   125     1  0   Jul 02 ?        0:00 /usr/sbin/kerbd
    root   123     1  0   Jul 02 ?        0:02 /usr/lib/netsvc/yp/ypbind -broadt
  daemon   138     1  0   Jul 02 ?        0:00 /usr/lib/nfs/statd
    root   140     1  0   Jul 02 ?        0:00 /usr/lib/nfs/lockd
    root   163     1  0   Jul 02 ?        0:00 /usr/lib/autofs/automountd
    root   167     1  0   Jul 02 ?        0:01 /usr/sbin/syslogd
    root   186     1  0   Jul 02 ?        1:23 /usr/sbin/nscd
    root   220     1  0   Jul 02 ?        0:00 /usr/sbin/vold
    root   180     1  0   Jul 02 ?        0:47 /usr/sbin/cron
    root   196     1  0   Jul 02 ?        0:00 /usr/lib/lpsched
    root   265     1  0   Jul 02 console  0:00 /usr/lib/saf/ttymon -g -h -p sco
    root 18358   135  0   Dec 04 ?        0:00 in.telnetd
    root   211     1  0   Jul 02 ?        0:04 /usr/lib/utmpd
    root   233     1  0   Jul 02 ?        0:40 /usr/dt/bin/dtlogin
    root   261     1  0   Jul 02 ?        0:00 /usr/lib/nfs/mountd
    root   259     1  0   Jul 02 ?        0:29 /usr/lib/nfs/nfsd -a 16
    root   267   264  0   Jul 02 ?        0:01 /usr/lib/saf/ttymon
    root  8642  8629  0   Jan 21 ?        0:30 dtgreet -display :0
    root  8629   233  0   Jan 21 ?        0:00 /usr/dt/bin/dtlogin
  nobody  7925   135  0   Nov 30 ?        0:00 fs
  regine 18360 18358  0   Dec 04 pts/5    0:00 -csh
    root  8602   135  0   Jan 21 ?        0:00 rpc.ttdbserverd
    root 17993   135  0                   0:00 <defunct>
    root 18764     1  0   Aug 30 ?        0:02 /usr/lib/sendmail -bd -q15m
    root  8631     1  0   Jan 21 ?        0:00 /usr/openwin/bin/fbconsole -d :0
   oscar 13463     1  0   Mar 21 ?        0:04 ftp mew.tcs
    root  7439  7419  0 08:42:13 pts/7    0:00 /usr/bin/ps -ef
    root  7417   135  0 08:12:59 ?        0:00 in.telnetd
   ccchu  4607     1  0   Mar 15 ?        0:00 fs
    guest  7419  7417  0 08:13:00 pts/7    0:00 -csh
    guest  7092     1  0 19:26:45 ?        2:18 sim.v2

Does anybody knows how I can find the hacker ps,and stop
it? 
thanks a lot.
Brad

--------------------------------------------------------------------------
Brad Chun
[EMAIL PROTECTED]
"The best way to escape from your problem is to solve it." 
--------------------------------------------------------------------------


--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
there's a hacker!

Reply via email to
