We were hacked! Bleh. I’ve spent the last two days hunting down what happened, reformatting and re-installing everything and tightening security.
Trinoo is a tricky little bugger. It is an old Solaris trojan that performs denial of service attacks. It is hard to find too. I ran about 20 nmap scans and only two out of those showed the fingerprint of the trojan.Â The remaining ones came back clean.
12345/tcp open NetBus
12346/tcp open NetBus
27665/tcp open Trinoo_Master
31337/tcp open Elite
32770/tcp open sometimes-rpc3
32771/tcp open sometimes-rpc5
32772/tcp open sometimes-rpc7
32773/tcp open sometimes-rpc9
32774/tcp open sometimes-rpc11
54320/tcp open bo2k
Little Snitch caught ‘pong’ trying to call out and that was the final convincing point. I could not find good removal instructions and both commercial grade OSX virus programs I tried failed to find it.Â What a surprise.Â So had no choice but to do a clean format and re-install.
I have a newer version of “Little Snitch” running now. It is the best security program I’ve found for OSX.
I installed portsentry which kept many an attacker out of my linux boxes over the years.
An user on a local news forum told me about OpenWrt and X-wrt ( install them in that order, it was a totally painless install ) which is like giving your LinkSys box steroids. It’ll take a week or so to find my way through all the settings and properly secure everything.