Koozali.org: home of the SME Server

sme 5.12 & Npulse + Vulnerable services

Adserg

« on: December 04, 2002, 05:20:35 PM »
Hi All

Has anyone run Npulse 0.54 to find out that there is a back door open for Hack A Tack & others? Well, look below and you get the picture.


Checking for vulnerable services
rpcinfo: can't contact portmapper: RPC: Remote system error - Connection refused
ftp: connect: Connection refused
Check common services ...... ok
Check for NetSphere ........ clean
Check for GateCrasher ...... clean
Check for GirlFriend ....... clean
Check for Hack A Tack ...... backdoor found
Check for EvilFTP .......... clean
Check for phAseZero ........ clean
Check for Back Orifice ..... possible backdoor found
Check for DeepThroat ....... possible backdoor found
Check for Portal of Doom ... possible backdoor found
Check for NetBus ........... clean
Check for Drat ............. clean
Check for SubSeven ......... clean
Check for Qaz trojan/worm .. clean

General Setup

I have a SME Server on DSL and I am set up as server and gateway dedicated.

I have a second server set up internally as a SME demo server. This is used to test all updates and RPMs before I actually install on our live server. The log you see above is what has been downloaded from the demo server. I will also mention that the internal demo server is set up as server only. As it's a demo I have no real reason to set it up any other way. I have rechecked our live SME server and that is clean.

Problem

I ran Npulse about 3-4 days ago and all of the above was showing clean. I went to Myezserver.com, downloaded the update package 3 for SME 5.1.2 and have tested that it installs properly on the demo SME server. It seemed to install fine, no problems. However, I now have what you see above. I am not that worried as this is internal and is protected, but I don't understand why this has happened. I am holding off updating our actual live SME server until we get some kind of idea what is going on.

If push comes to shove I'll simply wipe it and try another update to see if it happens again, then try changing some of the server settings to see if it changes it somehow.

If anyone has any ideas I would be a happy chappie.

Kind Regards to all

Ade

Bill Talcott

Re: sme 5.12 & Npulse + Vulnerable services
« Reply #1 on: December 05, 2002, 08:40:20 PM »
Do you know exactly how those vulnerabilities are tested for? According to http://www.commodon.com/threat/threat-hack.htm, Hack 'a' Tack is a Windows trojan, and therefore your SME couldn't have it.

I'm not positive, but I thought in Server-Only mode (I only have experience with Server-Gateway) it assumed that it was on a secured local network. Is it possible that the SME isn't firewalling incoming connections from your network (because it's "secure"), and your tester is only checking to see if the port is open?
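
The point raised in the reply above, as an added example that is not part of either post or of Npulse: if a scanner only tests whether a TCP port accepts a connection (an assumption here, the thread does not say how Npulse tests), any harmless listener on that port is reported as a backdoor, and reading what the listener announces is a quick triage step. All function names, the banner and the loopback listener are constructed for illustration.

```python
import socket
import threading

def start_benign_listener(banner=b"220 demo.example ESMTP (constructed)\r\n"):
    """Harmless local service standing in for whatever really owns the port."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))            # ephemeral port, loopback only
    srv.listen(5)
    def serve():
        while True:
            try:
                conn, _ = srv.accept()
                with conn:
                    conn.sendall(banner)
            except OSError:
                if srv.fileno() == -1:    # listener was closed: stop serving
                    return
    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]

def connect_only_verdict(host, port, timeout=1.0):
    """Assumed scanner logic: any accepted TCP connection counts as a hit."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "backdoor found"
    except OSError:
        return "clean"

def read_banner(host, port, timeout=1.0):
    """Follow-up check: what does the listener announce? None if the port is closed."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                return s.recv(128)
            except socket.timeout:
                return b""                # open but silent: check the owning process
    except OSError:
        return None

def triage(host, port):
    """Put the port-only verdict next to the evidence about the actual service."""
    return {"port": port,
            "naive": connect_only_verdict(host, port),
            "banner": read_banner(host, port)}

if __name__ == "__main__":
    srv, port = start_benign_listener()
    print(triage("127.0.0.1", port))      # naive verdict is a false positive
    srv.close()
```

On the server itself, the owning process of a flagged port can be confirmed with `netstat -tlnp` or `lsof -i`.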