Login or Register to Ask a Question and Join Our Community

Sponsored Content
Full Discussion: in.telnetd[5115] -- compromised?
Special Forums IP Networking in.telnetd[5115] -- compromised? Post 7159 by LowOrderBit on Wednesday 19th of September 2001 07:23:16 PM
Old 09-19-2001
in.telnetd[5115] -- compromised?
/* Linux Slackware */

looking in my logs I see tons of entries similar to below. Does anyone know what these mean, and should I be concerned. I looked up a few of the IP's at Arin.net and saw that many of them belong to isp's (not good).. Any information is helpful..

Body of Messages log
----------------------------

Jun 29 09:06:30 gateway profgpd[5155]:connect from 212.120.97.36

Jun 29 06:11:37 gateway in.telnetd[5102]: connect from root@66.115.18.3

Jul 1 03:07:58 gateway proftpd[5477]: connect from 209.87.230.226

---------------------------

gut feeling is that I have been compromised... am I right??

e0-
 

8 More Discussions You Might Find Interesting

1. UNIX for Dummies Questions & Answers

telnetd: all network ports in use

I hope someone can enlighten me on this. A few weeks ago, the root file system my UnixWare 7.1.1 server became corrupt so I ended up doing a full restore of the OS from tape backup. Since then, after I get about 270 users on the system, the message "telnetd: all network ports in use" is... (1 Reply)
Discussion started by: davekox
1 Replies

2. Cybersecurity

telnetd vs telnetd -a

Hi folks. I have a quick question on using "telnetd" vs. "telnetd -a". OS: AIX 5.x (5.1 through 5.3 ML3) Some engineers at work want to stop using "telnetd -a" and use "telnetd". (and of course, if I could get a cogent answer from them, I wouldn't be posting this question...) :mad: The... (0 Replies)
Discussion started by: davidl9999
0 Replies

3. Solaris

telnetd bug!

hi mates, a very important info for all solaris admins, there is a bug in telnetd on nearly every solaris version: pressy@mp-wst01 # id uid=100(pressy) gid=1(other) pressy@mp-wst01 # telnet -l "-froot" 192.168.40.1 Trying 192.168.40.1... Connected to 192.168.40.1. Escape character is... (3 Replies)
Discussion started by: pressy
3 Replies

4. Solaris

Can't start telnetd

Hello all, I've got a problem on a V240 running Solaris 9, the telnet daemon won't start. The error message I get is "telnetd: stdin is not a socket file descriptor." I've never seen this message before and I'm not exactly sure what it means. I know generally what stdin, sockets, and file... (4 Replies)
Discussion started by: ONEX
4 Replies

5. SCO

Telnetd Port Options

Ok, here i am in 2008 trying to figure out how to edit the port of Telnetd in sco openserver 4.2. I googled my butt off and cant seem to find any info. Does anyone have some specific howto's or good documentation on this? (2 Replies)
Discussion started by: j0ntar
2 Replies

6. AIX

telnetd daemon

Hi, When a client connected to AIX server by telnet is killed/crashes, is there a way for telnetd to recognize that and close/kill the application linked/started by that telnet session? We have a situation where clients disconnect because of frequent network outages, this leaves the... (2 Replies)
Discussion started by: mreyaz
2 Replies

7. Cybersecurity

Server has been compromised

Hi, I want to ask something about server that has been compromised. Recently, one of my VPS server has been hacked and the attacker install somekind like "IRC" script. Everytime I killed the process or close the port, it can open again .. and again ..I'm sure the attacker has installed... (14 Replies)
Discussion started by: franx47
14 Replies

8. UNIX for Dummies Questions & Answers

Please help my computer has been compromised

Hi everyone, I hope I am posting in the right spot and I really need some help. I am going through a horrible divorce and I am afraid that my husband has compromised . He set up my mac computer and router and for my job set up remote access for me. I caught him cheating on me and I think he... (6 Replies)
Discussion started by: kk243665
6 Replies

LEARN ABOUT OPENSOLARIS

ssh-socks5-proxy-connect

ssh-socks5-proxy-connect(1)					   User Commands				       ssh-socks5-proxy-connect(1)

NAME

       ssh-socks5-proxy-connect - Secure Shell proxy for SOCKS5

SYNOPSIS

       /usr/lib/ssh/ssh-socks5-proxy-connect
	    [-h socks5_proxy_host]
	    [-p socks5_proxy_port] connect_host connect_port

DESCRIPTION

       A proxy command for ssh(1) that uses SOCKS5 (RFC 1928). Typical use is where connections external to a network are only allowed via a socks
       gateway server.

       This proxy command does not provide any of the SOCKS5 authentication mechanisms defined in RFC 1928. Only anonymous connections are  possi-
       ble.

OPTIONS

       The following options are supported:

       -h socks5_proxy_host    Specifies the proxy web server through which to connect. Overrides the SOCKS5_SERVER environment variable.

       -p socks5_proxy_port    Specifies  the  port  on  which	the  proxy  web  server  runs. If not specified, port 80 is assumed. Overrides the
			       SOCKS5_PORT environment variable.

OPERANDS

       The following operands are supported:

       socks5_proxy_host    The host name or IP address (IPv4 or IPv6) of the proxy.

       socks5_proxy_port    The numeric port number to connect to on socks5_proxy_host.

       connect_host	    The name of the remote host to which the socks gateway is to connect you.

       connect_port	    The numeric port number of the socks gateway to connect you to on connect_host.

EXAMPLES

       The recommended way to use a proxy connection command is to configure the ProxyCommand in ssh_config(4) (see  Example  1  and  Example  2).
       Example 3 shows how the proxy command can be specified on the command line when running ssh(1).

       Example 1 Setting the proxy from the environment

       The following example uses ssh-socks5-proxy-connect in ssh_config(4) when the proxy is set from the environment:

	 Host playtime.foo.com
	     ProxyCommand /usr/lib/ssh/ssh-socks5-proxy-connect 
		 playtime.foo.com 22

       Example 2 Overriding proxy environment variables

       The following example uses ssh-socks5-proxy-connect in ssh_config(4) to override (or if not set) proxy environment variables:

	 Host playtime.foo.com
	     ProxyCommand /usr/lib/ssh/ssh-socks5-proxy-connect -h socks-gw 
		 -p 1080 playtime.foo.com 22

       Example 3 Using the command line

       The following example uses ssh-socks5-proxy-connect from the ssh(1) command line:

	 example$ ssh -o'ProxyCommand=/usr/lib/ssh/ssh-socks5-proxy-connect 
	     -h socks-gw -p 1080 playtime.foo.com 22' playtime.foo.com

ENVIRONMENT VARIABLES

       SOCKS5_SERVER	Takes socks5_proxy_host operand to specify the default proxy host.

       SOCKS5_PORT	Takes socks5_proxy_port  operand to specify the default proxy port.

EXIT STATUS

       The following exit values are returned:

       0     Successful completion.

       1     An error occurred.

ATTRIBUTES

       See attributes(5) for descriptions of the following attributes:

       +-----------------------------+-----------------------------+
       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       +-----------------------------+-----------------------------+
       |Availability		     |SUNWsshu			   |
       +-----------------------------+-----------------------------+
       |Interface Stability	     |Stable			   |
       +-----------------------------+-----------------------------+

SEE ALSO

       ssh(1), ssh-http-proxy-connect(1), ssh_config(4), attributes(5)

SunOS 5.11							    30 Oct 2002 				       ssh-socks5-proxy-connect(1)
All times are GMT -4. The time now is 03:07 AM.
Unix & Linux Forums Content Copyright 1993-2022. All Rights Reserved.
Privacy Policy