From: Igor Roshchin (strgiganda.komkon.org)
Date: Thu Aug 23 2001 - 04:31:13 CDT
You have some non-ASCII symbol in the name of the directory.
Use -b or -B options for the ls (read man pages on ls(1))
to see what "invisible" symbols participate in the name of the "extra"
Use that name to access the directory in question.
> From owner-freebsd-securityFreeBSD.ORG Thu Aug 23 05:25:58 2001
> To: securityFreeBSD.ORG
> Subject: Compromised system.
> Date: Thu, 23 Aug 2001 11:54:30 -0400
> From: Stefanos Kiakas <stefanose-scape.net>
> I was recently investigating a system that may
> be compromised. The reason I say this is because of the
> following entries in the output of the ps -ax command.
> PID TT STAT TIME COMMAND
> 0 ?? DLs 0:04.35 (swapper)
> 1 ?? ILs 0:00.07 /sbin/init --
> 48474 ?? S 0:00.00 ./klogd
> 79612 ?? I 0:00.00 ./klogd
> 79613 ?? S 25:46.29 ./klogd
> 79623 ?? D 901:01.50 ./init 45 1103527590.log
> And the /tmp directory contains 2 . entries with approximately
> 92M in the second one.
> 123# cd /tmp
> 123# ls -al
> total 23
> drwxrwxrwt 3 root wheel 512 Aug 23 16:39 .
> drwxr-xr-x 2 root wheel 512 Aug 3 11:48 .
> drwxr-xr-x 20 root wheel 512 Apr 4 04:46 ..
> How do I access the second . directory to see what
> is in it? I have tried everything I can think of but
> I cannot list any of the contents.
> Please cc me at stefanose-scape.net.
> Thank you,
> Stefanos Kiakas
> To Unsubscribe: send mail to majordomoFreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
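A byte-exact version of the check suggested in the reply, as an added example that is not part of either message: it reads a directory's raw entry names and flags those that an ordinary listing would show as `.` or `..`. The function names and the sample directory names are constructed for illustration.

```python
import os
import tempfile

def escape_name(name: bytes) -> str:
    """Show a raw entry name with every non-graphic byte as \\xNN."""
    return "".join(
        chr(b) if 0x21 <= b <= 0x7E and b != 0x5C else "\\x%02x" % b
        for b in name
    )

def classify(name: bytes) -> list:
    """Reasons a name would be misread in a plain `ls -al` listing."""
    reasons = []
    if any(b < 0x20 or b == 0x7F for b in name):
        reasons.append("control byte")
    if any(b >= 0x80 for b in name):
        reasons.append("non-ASCII byte")
    if name[:1] == b" " or name[-1:] == b" ":
        reasons.append("leading/trailing space")
    # What is left once everything that prints as blank or nothing is dropped.
    visible = bytes(b for b in name if 0x21 <= b <= 0x7E)
    if visible in (b"", b".", b"..") and name != visible:
        reasons.append("renders like '%s'" % visible.decode())
    return reasons

def scan(directory: str) -> dict:
    """Map escaped name -> reasons for each suspicious entry (non-recursive)."""
    hits = {}
    with os.scandir(os.fsencode(directory)) as entries:
        for entry in entries:  # scandir never yields the real . and ..
            reasons = classify(entry.name)
            if reasons:
                hits[escape_name(entry.name)] = reasons
    return hits

def demo() -> dict:
    """Constructed sample: a scratch directory holding look-alike names."""
    with tempfile.TemporaryDirectory() as tmp:
        for raw in (b". ", b".\x01", b".\xc2\xa0", b"notes", b"my file"):
            os.mkdir(os.path.join(os.fsencode(tmp), raw))
        return scan(tmp)

if __name__ == "__main__":
    for shown, why in sorted(demo().items()):
        print(shown, "->", ", ".join(why))
```

The escaped form identifies the exact bytes of the name, which is what is needed to address the directory unambiguously during an investigation.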