I nmap'ed one of my remote Gentoo servers today and besides the expected open ports were these:
1080/tcp open socks 3128/tcp open squid-http 8080/tcp open http-proxy I'm not running any sort of proxy software that I know of and I should be the only person whatsoever with access to the machine. 'netstat -l' doesn't show any info on those ports at all so I suppose it's been hacked as well? I installed and ran 'rkhunter --check' (what happened to the chrootkit ebuild?) but it doesn't seem to be much use since I hadn't established a "file of stored file properties". What do you guys think is going on? What should I do from here? - Grant
