Re: Network problems

Looks 0wn3d to me.  :(  The trojan probably put in some hack processes, hid them, and installed its own shell to run a script to take down the box.   That's my guess anyway.  I wouldn't trust the machine from this point forward, given the fact that chkrootkit is very trustworthy.  

Marc



On 4/14/05, kevin.j.lisciotti@xxxxxxxxxxxx <kevin.j.lisciotti@xxxxxxxxxxxx > wrote:
From: kevin.j.lisciotti@xxxxxxxxxxxx
Sent by: fedora-list-bounces@redhat.com
Date: 04/14/2005 02:58 PM
Please respond to: For users of Fedora Core releases
To: For users of Fedora Core releases <fedora-list@xxxxxxxxxx>
cc: "'For users of Fedora Core releases'" <fedora-list@xxxxxxxxxx>, fedora-list-bounces@xxxxxxxxxx
Subject: RE: Network problems

From: "Thomas E. Dukes" <edukes@xxxxxxxxxx>
Sent by: fedora-list-bounces@redhat.com
Date: 04/14/2005 02:49 PM
Please respond to: For users of Fedora Core releases
To: "'Marc M'" <linuxr@xxxxxxxxx>, "'For users of Fedora Core releases'" <fedora-list@xxxxxxxxxx>
cc:
Subject: RE: Network problems

From: fedora-list-bounces@xxxxxxxxxx
[mailto:fedora-list-bounces@xxxxxxxxxx] On Behalf Of Marc M
Sent: Thursday, April 14, 2005 1:38 PM
To: For users of Fedora Core releases
Subject: Re: Network problems

Are the lights on, on the switch's ports that you are using?   Have you
rebooted the switch?   Are you able to connect with other machines or
ports (say  a laptop)?  Is the light working on the nic?  Cabling good?
If you have multiple nics you should stop/start them and see if you can
get one to work, sometimes one works when another won't.  service network
stop, ifup eth0, ifup eth1, etc.   Look at your dmesg and see whether it
finds your eth0 or eth1, that'd be nice to know....

If you are able to narrow it down to the one FC2 box (and within the os),
then I would say that lastly you should run a chkrootkit utility on the
box to see if you have been own3d.

I ran chkrootkit and I found this:

Checking `bindshell'... INFECTED (PORTS:  1524 31337)
Checking `lkm'... You have    12 process hidden for readdir command
You have    12 process hidden for ps command
Warning: Possible LKM Trojan installed

This looks like a problem!!  What is bindshell?  I did a locate but could
not find it installed.  What do I need to do?

TIA
Cheers
Marc

It appears as though you have been hacked aka 0wn3d :) You better back up
your data and rebuild the system.

As a followup, can you telnet to the ports indicated, and what do you see?
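
As an added example (not part of the original thread or of chkrootkit), the Python sketch below reads the kernel's /proc/net/tcp table to see whether anything is actually listening on the two ports the `bindshell` check reported, and which visible process, if any, holds the socket. The function names and the sample table are constructed for illustration.

```python
import os

FLAGGED_PORTS = {1524, 31337}   # ports from the chkrootkit output in the thread
TCP_LISTEN = 0x0A               # kernel state code for LISTEN in /proc/net/tcp

def listening_sockets(proc_net_tcp_text, ports=FLAGGED_PORTS):
    """Return [(ip, port, inode)] for LISTEN sockets on the given ports.
    Addresses in /proc/net/tcp are little-endian hex, ports are plain hex."""
    hits = []
    for line in proc_net_tcp_text.splitlines()[1:]:   # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        addr_hex, port_hex = fields[1].split(":")
        if int(fields[3], 16) != TCP_LISTEN:
            continue
        port = int(port_hex, 16)
        if port in ports:
            ip = ".".join(str(b) for b in reversed(bytes.fromhex(addr_hex)))
            hits.append((ip, port, int(fields[9])))
    return hits

def owners_of(inode, proc_root="/proc"):
    """PIDs with an fd pointing at socket:[inode]; empty list if none visible."""
    target = f"socket:[{inode}]"
    pids = []
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            for fd in os.listdir(fd_dir):
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    pids.append(int(pid))
                    break
        except OSError:
            continue   # process exited, or fd directory not readable
    return pids

# Constructed sample in /proc/net/tcp layout (not data from the thread).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:05F4 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 22222 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1 0000000000000000 100 0 0 10 0
   3: 0A00000A:05F4 0B00000A:C350 01 00000000:00000000 00:00000000 00000000     0        0 44444 1 0000000000000000 100 0 0 10 0
"""

if __name__ == "__main__":
    text = open("/proc/net/tcp").read() if os.path.exists("/proc/net/tcp") else SAMPLE
    for ip, port, inode in listening_sockets(text):
        print(f"{ip}:{port} LISTEN inode={inode} pids={owners_of(inode) or 'none visible'}")
```

Run it as root so every process's fd directory is readable. A listener with no visible owner matches the hidden-process warning, but a kernel-level rootkit can filter /proc as well, so treat output from the running system as a lead rather than proof.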
