Snort mailing list archives

Strange happenings over NVP


From: Ryan.Oliver () pha com au
Date: Thu, 30 Aug 2001 19:14:22 +1000

Greetings all,

I've got an interesting one...

Does anyone out there know of any nefarious uses of NVP (network voice 
protocol, RFC 741, proto no 11) ???

Just so happens I have come across a Red Hat 6.2 box that, when doing a 
netstat -alp, showed

Proto Recv-Q Send-Q Local Address           Foreign Address         State
.... 
raw        0      0 *:11                    *:*                     7

Interestingly the PID corresponded to mingetty...

This machine had been compromised and also had a rootshell running out of 
inetd...

Any ideas anyone????

Best Regards
Ryan Oliver
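
Added example, not part of the original post: a defender's check for the kind of socket the netstat line above shows. On Linux, /proc/net/raw lists raw IPv4 sockets, and the "port" half of local_address holds the IP protocol number in hex (000B is 11). The SAMPLE rows, the EXPECTED allowlist and the function names are constructed assumptions.

```python
# Added example: list raw IPv4 sockets from /proc/net/raw-style text and flag
# IP protocol numbers that are not expected on the host.
# SAMPLE is constructed for illustration; it is not output from the post's machine.

PROTO_NAMES = {1: "ICMP", 2: "IGMP", 6: "TCP", 11: "NVP-II", 17: "UDP", 255: "RAW"}
EXPECTED = {1}  # assumption: only ICMP raw sockets (e.g. ping) are normal here

SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 00000000:000B 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 1377
"""

def parse_raw_sockets(text):
    """Return one dict per raw socket row found in /proc/net/raw-style text."""
    sockets = []
    for line in text.splitlines()[1:]:           # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue                             # malformed or truncated row
        proto = int(fields[1].split(":")[1], 16) # "port" field = IP protocol number
        sockets.append({
            "proto": proto,
            "name": PROTO_NAMES.get(proto, "unknown"),
            "state": int(fields[3], 16),         # netstat printed this as 7 in the post
            "uid": int(fields[7]),
            "inode": int(fields[9]),             # match against /proc/<pid>/fd to find the owner
        })
    return sockets

def unexpected(sockets, expected=EXPECTED):
    """Return the sockets whose protocol number is not in the allowlist."""
    return [s for s in sockets if s["proto"] not in expected]

if __name__ == "__main__":
    # On a live Linux host, replace SAMPLE with open("/proc/net/raw").read().
    for s in unexpected(parse_raw_sockets(SAMPLE)):
        print(f"raw socket proto={s['proto']} ({s['name']}) state={s['state']} "
              f"uid={s['uid']} inode={s['inode']}")
```

On a host already known to be compromised, netstat and other userland tools may have been replaced, so run the check from trusted binaries or against an offline image.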
