On Sun, 26 Aug 2001, Matteo Sgalaberni wrote:
> > > sshd 8244 root 6u IPv4 537338 TCP *:6010 (LISTEN) > > > sshd 8441 root 6u IPv4 537997 TCP *:6011 (LISTEN) > > > sshd 9237 root 6u IPv4 539149 TCP *:6012 (LISTEN) > > > > Bogus ssh daemons, I presume. > > > mhm:°°° Debian potato deamon..mhm > Theese are just the ports sshd uses for X-forwarding. I suggest that you pull the plug and then mounts the disk in another machine, or boot it from installation media, before you do any examination of the filesystem. You can't trust any commands on a compromised host. $0.02 /Andreas
