From owner-freebsd-security Tue Dec 10 18:23:42 1996
Return-Path:
Received: (from root@localhost)
    by freefall.freebsd.org (8.8.4/8.8.4) id SAA26771
    for security-outgoing; Tue, 10 Dec 1996 18:23:42 -0800 (PST)
Received: from genesis.atrad.adelaide.edu.au (genesis.atrad.adelaide.edu.au [129.127.96.120])
    by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id SAA26758
    for ; Tue, 10 Dec 1996 18:23:39 -0800 (PST)
Received: (from msmith@localhost)
    by genesis.atrad.adelaide.edu.au (8.8.2/8.7.3) id MAA21192;
    Wed, 11 Dec 1996 12:53:24 +1030 (CST)
From: Michael Smith
Message-Id: <199612110223.MAA21192@genesis.atrad.adelaide.edu.au>
Subject: Re: URGENT: Packet sniffer found on my system
In-Reply-To: from Brian Tao at "Dec 10, 96 08:40:46 pm"
To: taob@io.org (Brian Tao)
Date: Wed, 11 Dec 1996 12:53:23 +1030 (CST)
Cc: brian@saturn.net, freebsd-security@freebsd.org
X-Mailer: ELM [version 2.4ME+ PL28 (25)]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

Brian Tao stands accused of saying:
>
> I did find the following three files on one of the shell servers,
> which suggests the original compromise started there:
>
> -rw-r--r-- speff/user 2363 Dec 1 17:37 1996 usr/include/net/nit_buf.h
> -rw-r--r-- speff/user 2628 Dec 1 17:37 1996 usr/include/net/nit_if.h
> -rw-r--r-- speff/user 3016 Dec 1 17:37 1996 usr/include/sys/stropts.h

*snort*

Amusing to note that none of these are BSD-relevant (NIT is the Sun
equivalent of BPF, and stropts?). One can hope that your hacker was
less than genius material. 8)

> Brian Tao (BT300, taob@io.org, taob@ican.net)

-- 
]] Mike Smith, Software Engineer        msmith@gsoft.com.au    [[
]] Genesis Software                     genesis@gsoft.com.au   [[
]] High-speed data acquisition and      (GSM mobile) 0411-222-496 [[
]] realtime instrument control.         (ph) +61-8-8267-3493   [[
]] Unix hardware collector.  "Where are your PEZ?" The Tick    [[