From: Axel Scheepers (axelaxel.truedestiny.net)
Date: Tue Nov 13 2001 - 11:54:52 CST


    Hi,
    Best thing to do is to 'pull the plug' immediately (your net connection).
    Back up the machine for later inspection, then reinstall fBSD and if
    you got a separate data backup put that back.
    Then you might put the previously made backup on a clean machine for inspection.
    Usual vulnerable things like telnet, ftp etc. are a good place to start looking
    for in your logs. (In case you didn't block them)
    Gr,
    Axel

    On Tue, Nov 13, 2001 at 09:22:33AM -0800, John Baldwin wrote:
    > X-Mailer: XFMail 1.4.0 on FreeBSD
    > Date: Tue, 13 Nov 2001 09:22:33 -0800 (PST)
    > From: John Baldwin <jhbFreeBSD.org>
    > To: Stefan Probst <stefan.probstopticom.v-nam.net>
    > Subject: RE: Adore worm
    > Cc: Rob Hurle <robcoombs.anu.edu.au>, freebsd-securityFreeBSD.ORG
    >
    >
    > On 13-Nov-01 Stefan Probst wrote:
    > > Good Evening,
    > >
    > > sorry for newbie-posting, but I don't have too much time to sift through
    > > archives....
    > >
    > > Looks like my FreeBSD 4.2 Box (FreeBSD 4.2-RELEASE (GENERIC)) got hit by a
    > > worm - or infested on purpose:
    >
    > It's a rootkit, and your box has been compromised. Back up your data and
    > reinstall unless someone else has a better idea.
    >
    > --
    >
    > John Baldwin <jhbFreeBSD.org> -- http://www.FreeBSD.org/~jhb/
    > "Power Users Use the Power to Serve!" - http://www.FreeBSD.org/
    >
    > To Unsubscribe: send mail to majordomoFreeBSD.org
    > with "unsubscribe freebsd-security" in the body of the message

    -- 
    Axel Scheepers
    UNIX System Administrator
    

    email: axelaxel.truedestiny.net ascheepersvianetworks.nl
    http://axel.truedestiny.net/~axel
    ------------------------------------------
    "I can't complain, but sometimes I still do." -- Joe Walsh
    ------------------------------------------
