The information in the email pertaining to the user 'operator' was on the
remote machine which had attempted to connect to Ben's portmap service.

Because the remote machine had attempted the connection, a program on
Ben's machine is set up to finger the remote account that is attempting the
connection. In this case, it was the user operator on pts/1 and pts/2 on
the remote machine.


Take a look at a portion of the email quoted below:

>Subject: portmap attempt on thor from 211.57.229.2 (211.57.229.2)

If you notice the IP address displayed above in the topic, and below in
the body of the message, they are identical. The information being
displayed is formatted the way that finger (/usr/bin/finger) outputs its
data. Because the first part of the line displays the IP address, this
tells us that the finger request was sent to the remote machine.

>  [211.57.229.2]
>  Login: operator                        Name: operator
>  Directory: /root                       Shell: /bin/sh


For example, run the command: finger [EMAIL PROTECTED] on your system
and compare the output.

[dro@mail dro]$ finger [EMAIL PROTECTED]
[211.57.229.2]
Login: operator                         Name: operator
Directory: /root                        Shell: /bin/sh
Last login Mon Mar  5 13:23 (KST) on 2 from 21dial234.xnet.ro
No mail.
No Plan.

Look familiar?

Based on the information that Ben provided to the list, I believe that
his system has not been compromised. If, however, Ben feels that the
machine has indeed been compromised, the safest bet would be to re-install
the OS.


 Best Regards,

Joshua Hirsh
efni CONNECT
UNIX Systems Administration
[EMAIL PROTECTED]
Tel: (705) 474-3364 ext. 2557
Fax: (705) 472-9202


> I'd ask, however, for clarification from Ben, as to whether or not user
> "operator" has a password, no password at all, or the normal "*" in the
> password field.  If user "operator" has the * in the password field, user
> "operator" should not be able to log into pts/1 or pts/2, would you not
> agree?
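
The comparison described in this message (the address in the subject line against the bracketed host that heads the finger output) can be scripted when triaging such alerts. The following is an added example, not part of the original message or of any tool on Ben's machine; the names triage_alert and SAMPLE_ALERT are hypothetical, and the sample alert is constructed from the lines quoted above.

```python
import re

# Constructed sample alert, assembled from the subject and finger lines quoted in this message.
SAMPLE_ALERT = """\
Subject: portmap attempt on thor from 211.57.229.2 (211.57.229.2)

[211.57.229.2]
Login: operator                        Name: operator
Directory: /root                       Shell: /bin/sh
"""

SUBJECT_RE = re.compile(r"^Subject:\s*(\S+) attempt on (\S+) from (\S+)", re.M)
HOST_RE = re.compile(r"^[ \t]*\[([^\]]+)\][ \t]*$", re.M)
FIELD_RE = re.compile(r"(Login|Name|Directory|Shell):[ \t]*(.+?)(?=[ \t]{2,}\S|[ \t]*$)", re.M)

def triage_alert(text):
    """Report which host the finger block in an alert email describes."""
    text = re.sub(r"^>[ \t]?", "", text, flags=re.M)  # accept mail-quoted copies
    subject = SUBJECT_RE.search(text)
    if subject is None:
        raise ValueError("no '<service> attempt on <host> from <ip>' subject found")
    service, local_host, source = subject.groups()
    header = HOST_RE.search(text)
    fingered = header.group(1) if header else None
    # Only fields after the [host] header belong to the finger reply.
    body = text[header.end():] if header else ""
    account = {key.lower(): value for key, value in FIELD_RE.findall(body)}
    return {
        "service": service,
        "local_host": local_host,
        "source": source,
        "fingered_host": fingered,
        # True: the account details were reported by the connecting machine,
        # so they say nothing about accounts on the machine that sent the alert.
        "describes_remote": fingered is not None and fingered == source,
        "account": account,
    }

if __name__ == "__main__":
    for key, value in triage_alert(SAMPLE_ALERT).items():
        print(f"{key}: {value}")
```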


