| 1 |
I nmap'ed one of my remote Gentoo servers today and besides the |
| 2 |
expected open ports were these: |
| 3 |
|
| 4 |
1080/tcp open socks |
| 5 |
3128/tcp open squid-http |
| 6 |
8080/tcp open http-proxy |
| 7 |
|
| 8 |
I'm not running any sort of proxy software that I know of and I should |
| 9 |
be the only person whatsoever with access to the machine. 'netstat |
| 10 |
-l' doesn't show any info on those ports at all so I suppose it's been |
| 11 |
hacked as well? I installed and ran 'rkhunter --check' (what happened |
| 12 |
to the chrootkit ebuild?) but it doesn't seem to be much use since I |
| 13 |
hadn't established a "file of stored file properties". |
| 14 |
|
| 15 |
What do you guys think is going on? What should I do from here? |
| 16 |
|
| 17 |
- Grant |
Archives