glgxg at sbcglobal.net
Tue Jan 1 22:48:47 GMT 2008
On 01/01/2008 02:00 PM, Joris Dobbelsteen wrote:
> The box has PostFix, PowerDNS, Apache2 and SSH exposed to the Internet.
> Unfortunally its connected to the single LAN segment I have at home.
> Fortunally I have a strict firewall that doesn't allow IRC out (I don't
> use it, so I do not need to allow it).
> tcp 0 1 192.168.10.xx:60278 126.96.36.199:6667
> SYN_SENT 15412/[kjournald]
> [trusted entries removed]
You have been hacked. There are a variety of trojans (linx related) that
use port 6667:
Is the system fully updated with all the recent Ubuntu patches/updates?
If so, you may want to contact the Ubuntu security team to let them know
and have them take a look.
[remote IRC servers can execute arbitrary commands]
More information about the ubuntu-users