From owner-freebsd-security@FreeBSD.ORG  Sun Mar 30 10:14:52 2003
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6BAB837B401
	for <freebsd-security@freebsd.org>;
	Sun, 30 Mar 2003 10:14:52 -0800 (PST)
Received: from fat_man.ascendency.net (12-211-152-75.client.attbi.com
	[12.211.152.75])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 3D6C743FD7
	for <freebsd-security@freebsd.org>;
	Sun, 30 Mar 2003 10:14:49 -0800 (PST)
	(envelope-from mike@ascendency.net)
Received: from mike (user-119bct7.biz.mindspring.com [66.149.179.167])
	(authenticated)
	by fat_man.ascendency.net (8.11.6/8.11.6) with ESMTP id h2SB2kH99215
	for <freebsd-security@freebsd.org>;
	Fri, 28 Mar 2003 05:03:01 -0600 (CST)
	(envelope-from mike@ascendency.net)
From: "Mike Loiterman" <mike@ascendency.net>
To: <freebsd-security@freebsd.org>
Date: Fri, 28 Mar 2003 05:01:13 -0600
Message-ID: <020801c2f519$62e27130$0301a8c0@mike>
MIME-Version: 1.0
Content-Type: text/plain;
	charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.4024
Importance: Normal
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Mailman-Approved-At: Sun, 30 Mar 2003 10:56:26 -0800
Subject: RE: Bindshell rootkit
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: mike@ascendency.net
List-Id: Security issues [members-only posting]
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>,
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Mar 2003 18:14:55 -0000

=20
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Ok...did some checking.  I forgot to mention that I killed dead syslogd. =
 Not just a -HUP but an actual kill and restarted.  I did this several =
times.  I was trying to get something else to work.

Anyway, I killed it again this morning and restarted.  The infect =
message went away immediately. =20

Could this have been the problem?

- ------------------------------
Mike Loiterman
grantADLER Medical Corporation
Ph:  630-302-4944
Fax:  773-868-0071
PGP Key 0xD1B9D18E=20

-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0
Comment: This message has been digitally signed by Mike Loiterman

iQA/AwUBPoQreGjZbUnRudGOEQKlKQCg3A7qjZeuOR8xRy1Y2mwhPXo1wSkAnji1
/ZHe/l+5pciz+K01oFG0hxwo
=3D+qca
-----END PGP SIGNATURE-----