Algo raro en mi server

Miguel Santos manjava en michelle.celnet.com.mx
Mie Abr 4 19:32:54 CST 2001 

Chavos!!!

Bueno por algunas razones habia apagado el sendmail de mi server y hace un
momento teclee: sendmail -q

nada mas para mandar el email que tenia pendiente!

entonces me llego el siguiente email de error!

Date: Wed, 4 Apr 2001 20:28:04 -0500
From: Mail Delivery Subsystem <MAILER-DAEMON en xxxx.xxxx.xxx>
To: root en xxx.xxxxxxxx.xxx
Subject: Warning: could not send message for past 4 hours
Parts/Attachments:
   1   Shown     15 lines  Text
   2   Shown    301 bytes  Message, "Delivery Status"
   3   Shown     20 KB     Message, "xxx.xxx.xxx.xxx"
   3.1 Shown    920 lines  Text
----------------------------------------

    **********************************************
    **      THIS IS A WARNING MESSAGE ONLY      **
    **  YOU DO NOT NEED TO RESEND YOUR MESSAGE  **
    **********************************************

The original message was received at Wed, 4 Apr 2001 13:29:51 -0500
from root en localhost

   ----- The following addresses had transient non-fatal errors -----

adore9000 en sina.com

   ----- Transcript of session follows -----
adore9000 en sina.com... Deferred: mail.sina.com.cn.: No route to host
Warning: message still undelivered after 4 hours
Will keep trying until message is 5 days old

    [ Part 2: "Delivery Status" ]

Reporting-MTA: dns; thor.celnet.com.mx
Arrival-Date: Wed, 4 Apr 2001 13:29:51 -0500

Final-Recipient: RFC822; adore9000 en sina.com
Action: delayed
Status: 4.4.1
Remote-MTA: DNS; mail.sina.com.cn
Last-Attempt-Date: Wed, 4 Apr 2001 20:28:04 -0500
Will-Retry-Until: Mon, 9 Apr 2001 13:29:51 -0500

    [ Part 3: "Included Message" ]

Date: Wed, 4 Apr 2001 13:29:51 -0500
From: root <root>
To: adore9000 en sina.com
Subject: xxx.xxx.xxx.xxx

/**************************HOST IP*****************************/
eth0      Link encap:Ethernet  HWaddr 00:50:04:D0:C4:2B
          inet addr:xxx.xx.xx.x Bcast:xxx.xx.xx.x Mask:xxx.xxx.xxx.xxx
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5059512 errors:2 dropped:0 overruns:0 frame:3
          TX packets:5375073 errors:0 dropped:0 overruns:0 carrier:25
          collisions:85489 txqueuelen:100
          Interrupt:10 Base address:0x6500

eth0:0    Link encap:Ethernet  HWaddr 00:50:04:D0:C4:2B
          inet addr:192.168.0.254  Bcast:192.168.0.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:10 Base address:0x6500

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:3924  Metric:1
          RX packets:85311 errors:0 dropped:0 overruns:0 frame:0
          TX packets:85311 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0

/**************************PS*********************************/
USER       PID %CPU %MEM   VSZ  RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.0  1324  124 ?        S    Mar24   0:06 init [3]
root         2  0.0  0.0     0    0 ?        SW   Mar24   0:03 [kflushd]
root         3  0.0  0.0     0    0 ?        SW   Mar24   0:08 [kupdate]
root         4  0.0  0.0     0    0 ?        SW   Mar24   0:00 [kpiod]
root         5  0.0  0.0     0    0 ?        SW   Mar24   0:01 [kswapd]
root         6  0.0  0.0     0    0 ?        SW<  Mar24   0:00
[mdrecoveryd]


blah blah blah!!!

root      9634  0.0  0.7  2100 1020 ?        S    13:27   0:00 /bin/sh
root      9657  1.2  0.7  1880  908 ?        S    13:29   0:00 sh
/start.sh
root      9686  0.0  0.3  1340  480 ?        S    13:29   0:00 klogd
root      9688  0.0  0.7  2776  904 ?        R    13:29   0:00 adore -aux
/**************************HISTORY***************************/

< aqui viene mi history de root > 
 
/************************HOSTS*****************************/

< viene mi file de hosts >

/************************PASSWD***************************/

Viene mi archivo de Passwds!



Parece ser que es un gusano...


por bind, no he podido actualizar pero lo hare. 

Tecleo:

# top

y me sale lo siguiente: 

17413 root      20   5   420  420   344 R N  28,6  0,3   1:09 pscan-lprng
17333 root      20   5   404  404   344 R N  28,4  0,3   6:25 pscan-bind
17329 root      15   5   404  404   344 R N  26,9  0,3   6:27 pscan-statdx

# netstat -tna

tcp        0      1 xxx.xxx.xxx.xxx:2499        98.14.178.142:53
y asi se repite con varios hosts!

Que puedo hacer?

Miguel.

P.D. Disculpen el "gran" email!!

---------------------------------------------------------
para salir de la lista, enviar un mensaje con las palabras
"unsubscribe ayuda" en el cuerpo a majordomo en linux.org.mx

Más información sobre la lista de distribución Ayuda