Security issue!

Postby No.2 » Mon Oct 30, 2006 20:50

My firewall Firestarter says I have cheese worm trying to talk on 10008, yet I can't find any sign of it; no /tmp.cheese and a clean sweep with KlamAV of the whole system.

I just had aMule start by itself with my whole / dir shared! It crashed every time I tried to change that.

Should I be worried?
No.2
Young Hen
 
Posts: 26
Joined: Mon Oct 30, 2006 13:40

Postby arjay » Tue Oct 31, 2006 0:39

Well, I wouldn't like it, especially given your aMule situation. It was supposedly an attempt to close a port opened by the Linux.lion.worm and wasn't considered harmful when first released years ago. I'd try to find and remove:

Linux.Cheese.Worm

Take a look at your /etc/inetd.conf to see if it's been modified too. You sound like you're aware of it, so I may not be telling you anything you don't already know.

I'd also emerge and run rkhunter, just cuz it's a good idea.


Code:
emerge -v rkhunter


Run that regularly if you don't already. I've never had a problem with the cheese.worm myself, and am basically trying to remember the discussions and solutions I heard. Maybe someone else actually had to deal with it and can offer more information. Good luck!
arjay
Simple Hen
 
Posts: 75
Joined: Thu Aug 24, 2006 22:03
Location: ~/earth

Postby No.2 » Tue Oct 31, 2006 0:49

Thanks for the reply.

Ran rkhunter and chkrootkit and nothing. I have xinetd.conf, so cheese wouldn't have modded that. Makes me think it is a false ID by the firewall. It is trying to use 10008 though...

Still scratching my head re aMule; reinstalled it and it has not happened since...
No.2
Young Hen
 
Posts: 26
Joined: Mon Oct 30, 2006 13:40

Postby arjay » Tue Oct 31, 2006 1:01

You're right...very strange. It may be something with firestarter, but I haven't received any complaints from fs. Will check the log and if I see anything, I'll get back. G'luck!
arjay
Simple Hen
 
Posts: 75
Joined: Thu Aug 24, 2006 22:03
Location: ~/earth

Postby cvill64 » Tue Oct 31, 2006 1:12

Very odd, could have been a corrupted build, and the way it was asking was flagged as suspicious, as a virus must have root access to do any damage.
cvill64
Sagely Hen
 
Posts: 2185
Joined: Fri Dec 30, 2005 10:03
Location: Virginia, USA
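
Added example, not part of the thread or written by any poster: a firewall hit on port 10008 only shows that packets were addressed to that port, so a first triage step is to separate blocked inbound probes from connections this machine opened itself. It assumes the firewall writes iptables-style LOG lines; the log lines, hostname and addresses below are constructed placeholders.

```python
import re
from collections import Counter

WATCH_PORT = 10008  # the port the firewall flagged in the thread

# Constructed sample lines in the iptables LOG layout (not taken from the thread).
# 192.168.1.10 stands in for the local machine; other addresses are placeholders.
SAMPLE_LOG = """\
Oct 30 20:41:02 box kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.10 PROTO=TCP SPT=40122 DPT=10008 SYN
Oct 30 20:41:05 box kernel: IN=eth0 OUT= SRC=203.0.113.7 DST=192.168.1.10 PROTO=TCP SPT=40123 DPT=10008 SYN
Oct 30 20:44:19 box kernel: IN=eth0 OUT= SRC=198.51.100.23 DST=192.168.1.10 PROTO=TCP SPT=4662 DPT=4662 SYN
Oct 30 20:47:30 box kernel: IN= OUT=eth0 SRC=192.168.1.10 DST=198.51.100.9 PROTO=TCP SPT=51514 DPT=10008 SYN
Oct 30 20:50:00 box kernel: IN=eth0 OUT= SRC=198.51.100.9 DST=192.168.1.10 PROTO=UDP SPT=10008 DPT=33000
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")  # KEY=value pairs; value may be empty


def triage(log_text, port=WATCH_PORT):
    """Split TCP packets addressed to `port` by direction, using IN=/OUT=."""
    inbound, outbound = Counter(), Counter()
    for line in log_text.splitlines():
        f = dict(FIELD.findall(line))
        if f.get("PROTO") != "TCP" or f.get("DPT") != str(port):
            continue
        if f.get("IN") and not f.get("OUT"):
            inbound[f["SRC"]] += 1   # remote host knocking on our port
        elif f.get("OUT") and not f.get("IN"):
            outbound[f["DST"]] += 1  # this machine opened the connection
    return inbound, outbound


def verdict(inbound, outbound):
    """Outbound hits need a local process owner; inbound-only hits are probes."""
    if outbound:
        return "investigate-local"
    if inbound:
        return "remote-probe"
    return "no-hits"


if __name__ == "__main__":
    hits_in, hits_out = triage(SAMPLE_LOG)
    print("inbound :", dict(hits_in))
    print("outbound:", dict(hits_out))
    print("verdict :", verdict(hits_in, hits_out))
```

An outbound hit is the case worth chasing: identify which local process owns the socket (for example with `netstat -tnp` run as root) before trusting a label derived from the port number.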

