From owner-freebsd-security Thu Aug 27 05:18:17 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id FAA03406 for freebsd-security-outgoing; Thu, 27 Aug 1998 05:18:17 -0700 (PDT) (envelope-from owner-freebsd-security@FreeBSD.ORG) Received: from speedy.nethampton.com (speedy.nethampton.com [207.252.75.40]) by hub.freebsd.org (8.8.8/8.8.8) with SMTP id FAA03390 for ; Thu, 27 Aug 1998 05:18:10 -0700 (PDT) (envelope-from tplatt@nethampton.com) Date: Thu, 27 Aug 1998 05:18:10 -0700 (PDT) Received: (qmail 12232 invoked from network); 27 Aug 1998 12:14:56 -0000 Received: from teebee.hamptons.com (HELO ?204.141.112.245?) (204.141.112.245) by speedy.nethampton.com with SMTP; 27 Aug 1998 12:14:56 -0000 X-Sender: tplatt@nethampton.com (Unverified) Message-Id: In-Reply-To: References: <199808270538.BAA01341@armitage.cylatech.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: Nicholas Charles Brawn From: "Timothy R. Platt" Subject: Re: post breakin log Cc: security@FreeBSD.ORG Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >On Thu, 27 Aug 1998, Wilson MacGyver wrote: > >> Hi guys, >> >> My FreeBSD box get hacked about two days ago... yes yes, via the popper. >> I reinstalled the system, but saved the log. I was looking through to >> see what he has done. There is some stuff you may find interesting... >> >> the log from history follows. >> >> >From the log, it seem he is very knowledgeable about FreeBSD. >> though I must admit, I don't get why he makes the /dev/sync. >> also, I don't know what the deal with the bnc* stuff bnc, or bounce, allows people to bounce irc sessions off your server.. ie they sit at home with their mirc running, connect to your machine which relays to an irc server.. thus producing your.compromised.server.com as their hostname on irc. Funny thing is, if you have any decent logging, you can log their IP. Tim To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message