Greetings all,
I've got an
interesting one...
Does anyone out there
know of any nefarious uses of NVP (network voice protocol, RFC 741, proto no 11)
???
Just so happens I have come across a
Redhat 6.2 box that, when doing a netstat -alp, showed
Proto Recv-Q Send-Q Local Address
Foreign Address State
....
raw
0 0 *:11
*:*
7
Interestingly the PID corresponded to mingetty...
This machine had been compromised and also had a
rootshell running out of inetd...
Any ideas
anyone????
Best Regards
Ryan Oliver
questions/problems with archive to: webmaster@mcabee.org
Mail converted by
MHonArc 2.4.7