%-> A recent popular method of gaining root access to some
%-> networked machines
%-> involved exploitation of the NXT record buffer overflow in
%-> BIND; it became
%-> so popular in later March that CERT put out a new advisory on
%-> the problem
%-> which had been the subject of an advisory last
deny
> ie: 60400:ALL
>
>
> > -Original Message-
> > From: Brad [SMTP:[EMAIL PROTECTED]]
> > Sent: Sunday, May 14, 2000 9:07 PM
> > To: [EMAIL PROTECTED]
> > Subject:there's a hacker!
> >
> > Dear all,
> > I am a newb
hm. very puzzling. this is ps output from a Solaris
box, isn't it?
Brad wrote:
>
> Dear all,
> I am a newbie as a administrator of company's workstations.
> Now I find(use "netstat") someone use Scorpio(one of workstaions) as a
> tcp proxy server at port 60400, but I don't know how to stop
> it
Message-
> From: Brad [SMTP:[EMAIL PROTECTED]]
> Sent: Sunday, May 14, 2000 9:07 PM
> To: [EMAIL PROTECTED]
> Subject: there's a hacker!
>
> Dear all,
> I am a newbie as a administrator of company's workstations.
> Now I find(use "netstat") someone us
Dear all,
I am a newbie as a administrator of company's workstations.
Now I find(use "netstat") someone use Scorpio(one of workstaions) as a
tcp proxy server at port 60400, but I don't know how to stop
it.I used the "ps" command, it displayed as follows:
UID PID PPID CSTIME TTY