Hm. Very puzzling. This is ps output from a Solaris
box, isn't it?
Brad wrote:
>
> Dear all,
> I am a newbie as an administrator of the company's workstations.
> Now I find (using "netstat") that someone is using Scorpio (one of the workstations) as a
> tcp proxy server at port 60400, but I don't know how to stop
> it. I used the "ps" command, and it displayed the following:
> UID PID PPID C STIME TTY TIME CMD
> root 0 0 0 Jul 02 ? 0:09 sched
> root 1 0 0 Jul 02 ? 1:33 /etc/init -
> root 2 0 0 Jul 02 ? 0:57 pageout
> root 3 0 0 Jul 02 ? 1213:20 fsflush
> root 268 233 0 Jul 02 ? 1:15 /usr/openwin/bin/Xsun :0 -nobannd
> root 135 1 0 Jul 02 ? 0:24 /usr/sbin/inetd -s
> root 264 1 0 Jul 02 ? 0:00 /usr/lib/saf/sac -t 300
> root 115 1 0 Jul 02 ? 0:11 /usr/sbin/rpcbind
> root 107 1 0 Jul 02 ? 2:57 /usr/sbin/in.routed -q
> root 117 1 0 Jul 02 ? 0:00 /usr/sbin/keyserv
> root 207 196 0 Jul 02 ? 0:00 lpNet
> root 125 1 0 Jul 02 ? 0:00 /usr/sbin/kerbd
> root 123 1 0 Jul 02 ? 0:02 /usr/lib/netsvc/yp/ypbind -broadt
> daemon 138 1 0 Jul 02 ? 0:00 /usr/lib/nfs/statd
> root 140 1 0 Jul 02 ? 0:00 /usr/lib/nfs/lockd
> root 163 1 0 Jul 02 ? 0:00 /usr/lib/autofs/automountd
> root 167 1 0 Jul 02 ? 0:01 /usr/sbin/syslogd
> root 186 1 0 Jul 02 ? 1:23 /usr/sbin/nscd
> root 220 1 0 Jul 02 ? 0:00 /usr/sbin/vold
> root 180 1 0 Jul 02 ? 0:47 /usr/sbin/cron
> root 196 1 0 Jul 02 ? 0:00 /usr/lib/lpsched
> root 265 1 0 Jul 02 console 0:00 /usr/lib/saf/ttymon -g -h -p sco
> root 18358 135 0 Dec 04 ? 0:00 in.telnetd
> root 211 1 0 Jul 02 ? 0:04 /usr/lib/utmpd
> root 233 1 0 Jul 02 ? 0:40 /usr/dt/bin/dtlogin
> root 261 1 0 Jul 02 ? 0:00 /usr/lib/nfs/mountd
> root 259 1 0 Jul 02 ? 0:29 /usr/lib/nfs/nfsd -a 16
> root 267 264 0 Jul 02 ? 0:01 /usr/lib/saf/ttymon
> root 8642 8629 0 Jan 21 ? 0:30 dtgreet -display :0
> root 8629 233 0 Jan 21 ? 0:00 /usr/dt/bin/dtlogin
> nobody 7925 135 0 Nov 30 ? 0:00 fs
> regine 18360 18358 0 Dec 04 pts/5 0:00 -csh
> root 8602 135 0 Jan 21 ? 0:00 rpc.ttdbserverd
> root 17993 135 0 0:00 <defunct>
> root 18764 1 0 Aug 30 ? 0:02 /usr/lib/sendmail -bd -q15m
> root 8631 1 0 Jan 21 ? 0:00 /usr/openwin/bin/fbconsole -d :0
> oscar 13463 1 0 Mar 21 ? 0:04 ftp mew.tcs
> root 7439 7419 0 08:42:13 pts/7 0:00 /usr/bin/ps -ef
> root 7417 135 0 08:12:59 ? 0:00 in.telnetd
> ccchu 4607 1 0 Mar 15 ? 0:00 fs
> guest 7419 7417 0 08:13:00 pts/7 0:00 -csh
> guest 7092 1 0 19:26:45 ? 2:18 sim.v2
>
> Does anybody know how I can find the hacker ps, and stop
> it?
> Thanks a lot.
> Brad
>
> --------------------------------------------------------------------------
> Brad Chun
> [EMAIL PROTECTED]
> "The best way to escape from your problem is to solve it."
> --------------------------------------------------------------------------
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
--
-------------------------------------
Sam Bayne - System Administrator
North Seattle Community College
[EMAIL PROTECTED] (206)527-3762
=====================================