well la ti da, i've joined the esteemed company of those who have been hacked.
and according to netstat, a connection to babble-on.systems.:ircd is still active. i'm curious if there's any point in trying to find the other end of this connection, and how to do that, or is it pointless? a web search for babble-on.systems.:ircd turned up undernet.org, which i'm wondering if i would be foolish to browse to, perhaps only to get yet another machine into big trouble? fwiw, so far as i've discovered so far, various utilities got replaced, among them ls, ps, netstat, mv, et al. (i'm running restored versions of them.) (this was my dmz machine, the web/mail server, rh7.1, no i hadn't bothered to do security updates. you bet i will henceforth.) netstat sez: Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 ip67-93-158-131.z:42420 babble-on.systems.:ircd ESTABLISHED tcp 0 0 ip67-93-158-131.z1:3943 ip67-93-158-130.z15:ssh ESTABLISHED tcp 0 0 ip67-93-158-131.z15:ssh 194.164.38.77:33592 ESTABLISHED Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 3 [ ] STREAM CONNECTED 33284450 unix 3 [ ] STREAM CONNECTED 33284449 unix 2 [ ] STREAM CONNECTED 33268343 unix 2 [ ] DGRAM 33209229 unix 2 [ ] DGRAM 32489573 unix 2 [ ] DGRAM 31564538 unix 2 [ ] DGRAM 1554 unix 2 [ ] DGRAM 1360 unix 2 [ ] DGRAM 556 unix 2 [ ] STREAM CONNECTED 514 -- redhat-list mailing list unsubscribe mailto:[EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
