Hello All,
I tried to telnet to my machine; it is showing:
root@ice2# telnet 172.16.10.12
Trying 172.16.10.12...
telnet: Unable to connect to remote host: Connection refused
I have checked "/etc/default/login"; "CONSOLE" is commented. I
connected this machine (ice1) to my other server (ice2) via serial
port and made a tip connection. Through this tip window (ice1) I am
able to log in to the ice2 machine, but it is not happening in reverse order.
By the way, I logged in as root and I am unable to change the passwd:
root@ice1# passwd
Permission denied
root@ice1#
The permission for this file is:
root@adcom1# pwd
/usr/bin
root@adcom1# ls -l passwd
-r-sr-sr-x 1 root sys 23500 Feb 5 2004 passwd
root@adcom1#
Help me to solve this problem.
Thanks,
Velmurugan G
Posted by gvelmurugan (40) on 12/2/2005 6:47:35 AM
gvelmurugan@gmail.com wrote:
> Hello All,
>
> I tried to telnet to my machine it showing
>
> root@ice2# telnet 172.16.10.12
> Trying 172.16.10.12...
> telnet: Unable to connect to remote host: Connection refused
>
> I have checked " /etc/default/login ", "CONSOLE" is commented. I
> connected this machine (ice1) to my other server (ice2) via serial
> port and made a tip connection. Through this tip window(ice1) I am
> able to login to ice2 machine but it not happening in reverse order.
>
> By the way I logged in as root and I am unable to change the passwd :
>
> root@ice1# passwd
> Permission denied
> root@ice1#
>
> the permission for this file is
>
> root@adcom1# pwd
> /usr/bin
> root@adcom1# ls -l passwd
> -r-sr-sr-x 1 root sys 23500 Feb 5 2004 passwd
> root@adcom1#
>
> Help me to solve this problem.
>
> Thanks,
> Velmurugan G
Does not look promising.....
Check with "netstat -a" if the machine is listening on port 23 (telnet)?
Is inetd started at all?
//Lars
Posted by tunla on 12/2/2005 7:21:48 AM
gvelmurugan@gmail.com wrote:
> Hello All,
>
> I tried to telnet to my machine it showing
>
> root@ice2# telnet 172.16.10.12
> Trying 172.16.10.12...
> telnet: Unable to connect to remote host: Connection refused
>
> I have checked " /etc/default/login ", "CONSOLE" is commented. I
> connected this machine (ice1) to my other server (ice2) via serial
> port and made a tip connection. Through this tip window(ice1) I am
> able to login to ice2 machine but it not happening in reverse order.
>
> By the way I logged in as root and I am unable to change the passwd :
>
> root@ice1# passwd
> Permission denied
> root@ice1#
>
> the permission for this file is
>
> root@adcom1# pwd
> /usr/bin
> root@adcom1# ls -l passwd
> -r-sr-sr-x 1 root sys 23500 Feb 5 2004 passwd
> root@adcom1#
>
> Help me to solve this problem.
>
> Thanks,
> Velmurugan G
>
Perhaps a blessing in disguise. Can you use SSH instead?
Posted by Wes on 12/2/2005 12:18:05 PM
gvelmurugan@gmail.com wrote:
> Hello All,
>
> I tried to telnet to my machine it showing
>
> root@ice2# telnet 172.16.10.12
> Trying 172.16.10.12...
> telnet: Unable to connect to remote host: Connection refused
>
> I have checked " /etc/default/login ", "CONSOLE" is commented. I
> connected this machine (ice1) to my other server (ice2) via serial
> port and made a tip connection. Through this tip window(ice1) I am
> able to login to ice2 machine but it not happening in reverse order.
>
> By the way I logged in as root and I am unable to change the passwd :
>
> root@ice1# passwd
> Permission denied
> root@ice1#
>
> the permission for this file is
>
> root@adcom1# pwd
> /usr/bin
> root@adcom1# ls -l passwd
> -r-sr-sr-x 1 root sys 23500 Feb 5 2004 passwd
> root@adcom1#
It looks like you have been hacked to me, in which case I would
reinstall the OS. The logs might tell you something although if someone
has managed to hack it, the logs can't be trusted.
You can run md5 if you have it and generate a checksum for files, then
go to Sun's site
http://sunsolve.sun.com/pub-cgi/fileFingerprints.pl
and see if the fingerprints match a file issued by Sun. If some files
have obviously been hacked and you immediately need them, you could copy
from elsewhere - a CD if necessary.
But in your case I do the bare minimum and then reinstall the OS.
I know where I used to work they were hacked on several occasions and
sometimes the hacker would leave his own ssh client so he could get it
and nobody else. You may find someone has done this with telnet.
--
Dave K
http://www.southminster-branch-line.org.uk/
Please note my email address changes periodically to avoid spam.
It is always of the form: month-year@domain. Hitting reply will work
for a couple of months only. Later set it manually. The month is
always written in 3 letters (e.g. Jan, not January etc)
Posted by Dave on 12/2/2005 2:49:56 PM
Dave wrote:
> gvelmurugan@gmail.com wrote:
>
>> Hello All,
>>
>> I tried to telnet to my machine it showing
>>
>> root@ice2# telnet 172.16.10.12
>> Trying 172.16.10.12...
>> telnet: Unable to connect to remote host: Connection refused
>>
>> I have checked " /etc/default/login ", "CONSOLE" is commented. I
>> connected this machine (ice1) to my other server (ice2) via serial
>> port and made a tip connection. Through this tip window(ice1) I am
>> able to login to ice2 machine but it not happening in reverse order.
>>
>> By the way I logged in as root and I am unable to change the passwd :
>>
>> root@ice1# passwd
>> Permission denied
>> root@ice1#
>>
>> the permission for this file is
>>
>> root@adcom1# pwd
>> /usr/bin
>> root@adcom1# ls -l passwd
>> -r-sr-sr-x 1 root sys 23500 Feb 5 2004 passwd
>> root@adcom1#
>
>
> It looks like you have been hacked to me, in which case I would
> reinstall the OS. The logs might tell you something although if someone
> has managed to hack it, the logs can't be trusted.
>
> You can run md5 if you have it and generate a checksum for files, then
> go to Suns site
>
> http://sunsolve.sun.com/pub-cgi/fileFingerprints.pl
>
> and see if the fingerprints match a file issued by Sun. If some file
> have obviously been hacked and you immediately need it, you could copy
> from elsewhere - a CD if necessary
>
> But in your case I do the bare minimum and then reinstall the OS.
>
> I know where I used to work they were hacked on several occasions and
> sometimes the hacker would leave his own ssh client so he could get it
> and nobody else. You may find someone has done this with telnet.
>
Excellent reply Dave.
Hopefully the OP will also NOT use telnet and instead only use SSH on
the freshly installed and secured system since grabbing clear text
Telnet login info. is a piece of cake.
Posted by Wes on 12/2/2005 11:00:48 PM
In article <43905f15@212.67.96.135>, Dave <INVALID.See-signature-for-how-to-determine@southminister-branch-line.org.uk> wrote:
>> root@ice1# passwd
>> Permission denied
>> root@ice1#
>>
> It looks like you have been hacked to me, in which case I would
Err, that's a premature conclusion. It might be true, but not yet known;
not enough details to determine yet.
That error above could be a nameservice issue, where his system is
configured to point to LDAP or NIS+, but where he wants to update the
local /etc/shadow information.
That's why 'passwd -r files' was suggested; if *THAT* doesn't work, then
he has real problems. But I'd say that's more likely to work.
Inability to telnet in just sounds more like inetd may not be running,
so nothing to listen on the telnet port to accept connections.
So far, I haven't seen anything that strongly points to a compromise.
Wouldn't rule it out, but I'd say try the more benign possibilities
first. :)
-Dan
Posted by Dan on 12/3/2005 12:25:12 AM
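
The two benign checks Dan describes above (is anything listening on the telnet port, and does the passwd lookup go beyond local files), as an added shell example that is not part of any poster's message. The netstat and nsswitch.conf samples are constructed and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the thread): triage for the two benign causes Dan names.

# Succeeds if `netstat -an` output on stdin shows a listener on TCP port 23.
# Accepts the Solaris local-address form (*.23) and the host:port form (0.0.0.0:23).
telnet_listening() {
    awk '
        $NF == "LISTEN" {
            for (i = 1; i < NF; i++)
                if ($i ~ /[.:]/) {              # first address-like field = local address
                    if ($i ~ /[.:]23$/) found = 1
                    break
                }
        }
        END { exit !found }'
}

# Prints the sources on the passwd: line of an nsswitch.conf read from stdin,
# one per line, skipping comments and [STATUS=action] criteria.
passwd_sources() {
    awk '{ sub(/#.*/, "") }
         $1 == "passwd:" { for (i = 2; i <= NF; i++) if ($i !~ /^\[/) print $i }'
}

# Succeeds if passwd lookups go anywhere other than local files; in that case
# a plain `passwd` may target the name service, and `passwd -r files` is the test.
passwd_uses_nameservice() {
    passwd_sources | grep -v -x files >/dev/null
}

# Constructed samples (not output from the poster's machines).
SAMPLE_NETSTAT_NO_TELNET='
      *.111                *.*                0      0 49152      0 LISTEN
      *.123                *.*                0      0 49152      0 LISTEN
172.16.10.12.22      172.16.10.23.32801   49640      0 49640      0 ESTABLISHED'
SAMPLE_NETSTAT_TELNET='
      *.23                 *.*                0      0 49152      0 LISTEN'
SAMPLE_NSSWITCH_FILES='passwd:     files   # local only'
SAMPLE_NSSWITCH_LDAP='passwd:     files ldap [NOTFOUND=return]'

report() {  # $1 = netstat text, $2 = nsswitch text
    if printf '%s\n' "$1" | telnet_listening; then echo "telnet: listener on port 23"
    else echo "telnet: nothing listening on port 23 (check inetd)"; fi
    if printf '%s\n' "$2" | passwd_uses_nameservice; then echo "passwd: name service in use, try 'passwd -r files'"
    else echo "passwd: local files only"; fi
}

report "$SAMPLE_NETSTAT_NO_TELNET" "$SAMPLE_NSSWITCH_LDAP"
```

On a live system, pipe `netstat -an` into `telnet_listening` and `/etc/nsswitch.conf` into `passwd_uses_nameservice` instead of the samples.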
No, I have no SSH installed on my machine. I rebooted my machine, and
telnet and passwd are working fine.
What blocked me from using the passwd command? I have checked "netstat -a" and
port 23 is listening, but after reboot it is going smoothly.
Thanks,
Velmurugan G
Posted by gvelmurugan on 12/3/2005 8:07:02 AM
Hello Dan,
I have no name service configured on my system.
GV
Posted by gvelmurugan on 12/5/2005 4:01:03 AM