Re: Info on Known VMS Exploits/Cracks
From: JF Mezei (jfmezei.spamnot_at_istop.com)
Date: 09/27/03
- Next message: Don Sykes: "Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?"
- Previous message: Michael Austin: "Re: Info on Known VMS Exploits/Cracks"
- In reply to: Jerry Nezlick: "Info on Known VMS Exploits/Cracks"
- Next in thread: Andy Bustamante: "Re: Info on Known VMS Exploits/Cracks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Sat, 27 Sep 2003 13:40:45 -0400
Jerry Nezlick wrote:
> I think my VMS server was cracked some time in the past. I see
> connections opening on strange ports when no one should be on the
> system. (Outgoing to ports 113, 80, 6667, 6668. Destinations are
> usually in Asia.)
113 is ident. I know it is used by IRC servers.
80 is for WWW (HTTP). Could be used by any user with lynx, mosaic, kermit, netscape.
6667-6678 are part of the 6665-6669 block allocated to IRC.
TCPIP SHOW DEV will provide a list of current connections with a device name (BGnnn:)
SHOW DEV BGnnn: /FULL then provides you with the owner (username) and the process
id.
show proc/id=xxxxx /cont will show you what image this process is running.
- Next message: Don Sykes: "Re: Process's PreciseMail AntiSpam Gateway - any experience so far ?"
- Previous message: Michael Austin: "Re: Info on Known VMS Exploits/Cracks"
- In reply to: Jerry Nezlick: "Info on Known VMS Exploits/Cracks"
- Next in thread: Andy Bustamante: "Re: Info on Known VMS Exploits/Cracks"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
