On Thu, Dec 14, 2000 at 12:53:46AM -0800, [EMAIL PROTECTED] wrote:
> Sorry is this is too far off topic, but it seems to me the
> kernel may be helping in this break in or maybe some magic
> aspect of the filesystem.
I doubt that.... from this description, you've been hacked. Even if your
/etc/inetd.conf is in good shape, it looks like someone got in.
I'm guessing that your ls was also hijacked. You're using RedHat, so try
the rpm -V command to verify that the ls binary is the same as what should
be in the package. While you're at it, verify the package is the right one
(compare to a CD or distr ftp site).
Out of curiosity, are you running portmap? Perhaps BIND? There are lots
of potential culprits here -- but I suggest you verify all of your binaries
and go back and upgrade everything on your system, as well as re-visit the
issue of what daemons are started up at boot time.
Matt Dharm
--
Matthew Dharm Home: [EMAIL PROTECTED]
Maintainer, Linux USB Mass Storage Driver
C: They kicked your ass, didn't they?
S: They were cheating!
-- The Chief and Stef
User Friendly, 11/19/1997
PGP signature
