Re: Hacked?

From: Adam Dewis (apdewispostoffice.utas.edu.au)
Date: Sat May 10 2003 - 06:16:18 CDT


On Fri, 09 May 2003 10:45:20 -0500 Peter Elsner wrote:

> here's what's in /dev/fd/.99
>
> # cd /dev/fd/.99
> # ll
> -rw-r--r-- 1 root wheel 70 May 2 18:05 .ttyf00
>
> The contents of that file are:
>
> # more .ttyf00
> .99
> .ttyf00
> .ttyp00
> in.inetd
> sshd
> /sbin/sshd
> /usr/sbin/in.inetd
> .fx
>
> I have already restored my ls and now my dates are back to normal... I
> have also restored netstat.
>
> I am now going to do a complete re-install of all binaries...
>
> Before I do, let me know if there's anything else you need...
>
> Peter
>

Doing a complete reinstall is all good and well, but installing a
rootkit means that the cracker used a hole to gain the required
permissions to do so. Which in practicality means that you will need to
patch the hole as well. Unfortunately, I cannot offer any advice on
finding the hole, but mayhaps some other security guru on this list may
be able to steer you in the right direction?

Adam

_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
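
Added example, not part of the thread: a shell check for the kind of artifact reported above, a dot-named directory and a regular file sitting inside a device directory (/dev/fd/.99/.ttyf00). The names scan_devdir, make_sample and the FIND override are hypothetical, and the rule that a device directory should contain no regular files or dot-named entries is an assumption that each finding still has to be reviewed against.

```shell
#!/bin/sh
# Added example (not from the thread). Flags entries that normally have no
# place in a device directory: regular files and dot-named entries.
# FIND is an assumed override so a known-good binary (rescue media, static
# build) can be used; in the case above the host's own ls and netstat had
# been replaced, so local tools cannot be trusted to list everything.
FIND=${FIND:-find}

# scan_devdir [ROOT]  ->  prints "<kind><TAB><path>" per finding, sorted.
# Usage on a live system: scan_devdir /dev
scan_devdir() {
    root=${1:-/dev}
    # -xdev keeps the walk on ROOT's own filesystem, so separately mounted
    # filesystems below it (which may legitimately hold files) are skipped.
    "$FIND" "$root" -xdev ! -path "$root" \( -type f -o -name '.*' \) \
        -print 2>/dev/null |
    while IFS= read -r p; do
        if [ -d "$p" ]; then kind=dir
        elif [ -f "$p" ]; then kind=file
        else kind=other
        fi
        printf '%s\t%s\n' "$kind" "$p"
    done | sort
}

# make_sample  ->  prints the path of a constructed tree that mimics the
# layout quoted in the thread, plus two entries that must not be flagged.
make_sample() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/fd/.99"
    printf '.99\n.ttyf00\n' > "$d/fd/.99/.ttyf00"   # constructed content
    mkdir "$d/pts"              # ordinary subdirectory, not flagged
    ln -s /dev/null "$d/std"    # symlink, not flagged
    printf '%s\n' "$d"
}
```

An empty result only means nothing matched this one heuristic; it does not show the host is clean.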