He may have broken in, then covered his tracks. In that case, he
probably now have a backdoor into your machine. If your telnet is
changed, which is likely in a break in, that might explain your
inability to telnet. You should really determine if this is the case.
Check to see if you have locked yourself out by examining the
/etc/hosts.allow and /etc/hosts.deny files, assuming you aren't set up
with a firewall.
Edit your /etc/inetd.conf file to disable any service you don't actually
need. You need auth, and it sounds like you want telnet. Comment out
any line you don't have to have enabled. I think you can use linuxconf
to turn off what you don't need.
I would also recommend installing tripwire to detect changed files for
the future and portsentry to detect and block port scanners.
Good luck,
Fred
RedHat's site and their mirrors provide all the updates for these
security holes. Start with:
http://www.redhat.com/support/errata/
mi na wrote:
>
> Hi Frederic herman,
>
> Thanks for your quick response!
>
> I am using hosts.allow, and hosts.deny to restrict people access that box.
> If the hacker didn't not break in, why i can not telnet to that box.
>
> PS: Where i can get the latest patchs for named, telnet, and wu-ftp?
>
> Thanks again!
>
> Li
>
> >From: Frederic Herman <[EMAIL PROTECTED]>
> >Reply-To: [EMAIL PROTECTED]
> >To: [EMAIL PROTECTED]
> >Subject: Re: ttloop: peer died:
> >Date: Sat, 29 Jan 2000 11:42:41 -0700
> >
> >BTW, make sure your patches are up to date. Especially named, telnet
> >and wu-ftp.
> >
> >The hacker was trying to break in.
> >
> >
> >Frederic Herman wrote:
> > >
> > > Hacker attempted to telnet and failed. Check log file secure for the
> > > event as well as messages log file. If you find a message with the ip,
> > > traceroute it and report the event to the isp upstream from the ip.
> > >
> > > Fred
> > >
> > > mi na wrote:
> > > >
> > > > Hi All,
> > > >
> > > > I have a linux (redhat 5.2) box, no one can telnet to this box since
> > > > yesterday, and here is the log message:
> > > > "telnetd[467]: ttloop: peer died: Invalid or incomplete multibyte or
> >wide
> > > > character"
> > > >
> > > > Is this a some kind of Virus?
> > > >
> > > > Pls help, thanks!
> > > >
> > > > Li
> > > > ______________________________________________________
> > > > Get Your Private, Free Email at http://www.hotmail.com
> > > >
> > > > --
> > > > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > > > as the Subject.
> > >
> > > --
> > > To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> > > as the Subject.
> >
> >
> >--
> >To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> >as the Subject.
> >
>
> ______________________________________________________
> Get Your Private, Free Email at http://www.hotmail.com
>
> --
> To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
> as the Subject.
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
