On Sun, 23 Jun 2002, steveg wrote:

> I am not a Sun expert by any means but this doesn't look like a compromise
> to me ..
>
> > 1. %nmap foo
> > ....
> > 898/tcp open unknown
>
> Standard port for the SUN Management Console server.

Indeed. Point your web browser at: http://server.name:898 to confirm this.

> > Ok, What's happening?, I am very confused, the inode
> > number fsol show points to a directory and a character
> > device. How can I stop
> > that listening binary?
>
> this is a service that should be started by smcboot check your /etc/rc#.d/
> directory (whichever runlvl you are in).
>
> of course if this is not a sun box then this is a little odd indeed...
> again not an expert with sun but this looks like a normal sun service.

If you want to remove the packages associated with this, they can be found
with the command:

    pkginfo | grep 'Management Console'

The run control script on a default Solaris install is named init.wbem
(it starts in runlevel 2 with the linked script: /etc/rc2.d/S90wbem) if you
just want to turn off the service.

--
Ken Fischer, CCNA <kenfat_private>
PGP Fingerprint: 9523 54B6 D67B BBFB 53B3 2F3B 7E81 0891 C495 CB50

--
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jun 25 2002 - 16:21:41 PDT