[IMC-Tech] Important (inline) forward from BC tech

Alster alster at indymedia.org
Tue Jun 7 09:15:44 PDT 2005



Niel Wolfe Oscar schrieb:
> The following is what mike sent to the arkady tech list (which is
> sometimes blocked as well i think) {cc: tech at arkady.indymedia.org )

Hi!

I just conducted an nmap portscan on 66.199.184.254
(arkady.indymedia.org) using this command line:
  nmap -sS -sR -sV -O -p- -P0 -vv 66.199.184.254
The source of this scan is cXXXXXX.adsl.hansenet.de.

Unless there's something honeypot-like running on this system or I'm too
inexperienced to interpret it correctly, I think this system is no
longer administered by Indymedia.

Concerning the nmap output, this server - which I assume is a production
system - is running IRC bouncers on three ports, SSH daemons of different
versions on port 22 (this is fine) and a very high port (this is quite
strange), the Nessus daemon, a publicly accessible PostgreSQL DB cluster
and Webmin, as well as Apache on a high port number (that however seems
to be used for keys.indymedia.org). Additionally, it does not seem to be
running any kind of firewall.

As always when your system has been compromised, you have to check
whether they gained root access, and if they did, the only solution is a
fresh install of the complete OS from trustable media. As it seems to be
running Debian Sarge and Sarge has just grown stable, this should be
even easier than before now.

Concerning chkrootkit, I propose you check with rkhunter, too. From my
experience it is much more reliable.

If you're interested in the nmap output, please let me know where I
should send it.

Please exclude imc-tech at lists d0t indymedia d0t org from any replies,
I'm just CC'ing this list to document that I sent a reply. Thanks.

Good luck with this,
Alster
- --
Info:    http://docs.indymedia.org/view/Main/AlsteR
GPG key: http://keys.indymedia.org/cgi-bin/lookup?op=get&search=3D39AC3B
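A defender-side check that follows from the finding above, added here as an example and not part of the original message: it parses nmap's grepable (-oG) output and lists every open port that a production host is not expected to expose, which is how an operator would spot things like an IRC bouncer, a Nessus daemon or Webmin on a web server. The address, hostname, port mix and the expected-service baseline are all constructed assumptions, not data from the real scan.

```python
import re

# Constructed sample in nmap "grepable" (-oG) format. The address, hostname and
# port mix are made up to mirror the kind of finding described in the message.
SAMPLE_GNMAP = (
    "Host: 192.0.2.10 (example-host.invalid)\tStatus: Up\n"
    "Host: 192.0.2.10 (example-host.invalid)\tPorts: "
    "22/open/tcp//ssh///, 80/open/tcp//http///, 443/open/tcp//https///, "
    "1241/open/tcp//nessus///, 2222/open/tcp//ssh///, 5432/open/tcp//postgresql///, "
    "6667/open/tcp//irc///, 10000/open/tcp//http//MiniServ (Webmin)/"
    "\tIgnored State: closed (65528)\n"
)

# Assumed baseline: the services a production web host is expected to expose.
BASELINE = {("tcp", 22): "ssh", ("tcp", 80): "http", ("tcp", 443): "https"}

# One -oG port entry: port/state/proto/owner/service/rpc_info/version/
PORT_RE = re.compile(r"(\d+)/(\w+)/(\w+)/([^/]*)/([^/]*)/([^/]*)/([^/]*)/")


def parse_gnmap(text):
    """Return {host: [(proto, port, state, service, version), ...]} from -oG text."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue
        # Fields are tab-separated "Name: value" pairs on one line per host.
        fields = dict(f.split(": ", 1) for f in line.split("\t") if ": " in f)
        if "Ports" not in fields:
            continue  # status-only line, no port data
        host = fields["Host"].split()[0]
        for port, state, proto, _owner, service, _rpc, version in PORT_RE.findall(fields["Ports"]):
            hosts.setdefault(host, []).append((proto, int(port), state, service, version))
    return hosts


def unexpected_services(text, baseline=BASELINE):
    """List open ports absent from the baseline, or whose service differs from it."""
    findings = []
    for host, ports in parse_gnmap(text).items():
        for proto, port, state, service, version in ports:
            if state != "open":
                continue
            if baseline.get((proto, port)) != service:
                findings.append((host, proto, port, service, version))
    return sorted(findings)


if __name__ == "__main__":
    for host, proto, port, service, version in unexpected_services(SAMPLE_GNMAP):
        print(f"{host} {port}/{proto} unexpected: {service} {version}".rstrip())
```

Run it against real output from `nmap -oG scan.gnmap ...` by reading the file into `unexpected_services`; anything it lists either belongs in the baseline or needs an explanation.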