[H-GEN] Router Intrusion?
Robert Stanford
rob at rotapile.com
Mon Oct 6 06:03:26 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
On Mon, 2003-10-06 at 13:47, Conor Cunningham wrote:
> [ Humbug *General* list - semi-serious discussions about Humbug and ]
> [ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
>
> Hello All,
>
> I have a sneaking suspicion the my router, running smoothwall GPL 1.0
> patched to patch 5, (they are up to 8 I know), seems to be running really
> oddly. I can't access the web remote admin service and the only services
> that are open are the following (taken from NMAPWin).
>
>
> Starting nmap V. 3.00 ( www.insecure.org/nmap )
> Interesting ports on siphon (192.168.1.1):
> (The 1599 ports scanned but not shown below are in state: closed)
> Port State Service
> 53/tcp open domain
> 222/tcp open rsh-spx
ssh into it on port 222 and see if /var is full. I've seen smoothwall
boxes that didnt rotate logs properly. This caused apache or whatever
they use to die.
--
Robert Stanford <rob at rotapile.com>
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
More information about the General
mailing list