From owner-freebsd-security Tue Jul 16 11:33:36 1996 Return-Path: owner-security Received: (from root@localhost) by freefall.freebsd.org (8.7.5/8.7.3) id LAA20959 for security-outgoing; Tue, 16 Jul 1996 11:33:36 -0700 (PDT) Received: from janus.scccc.com ([206.247.109.222]) by freefall.freebsd.org (8.7.5/8.7.3) with SMTP id LAA20942 for ; Tue, 16 Jul 1996 11:33:27 -0700 (PDT) Received: (from uucp@localhost) by janus.scccc.com (8.6.12/8.6.12) id MAA09340 for <@janus.scccc.com:freebsd-security@freebsd.org>; Tue, 16 Jul 1996 12:31:36 -0600 Received: from natasha.scccc.com(198.243.16.198) by janus.scccc.com via smap (V1.3) id sma009338; Tue Jul 16 12:31:26 1996 Received: by natasha.scccc.com (940816.SGI.8.6.9/940406.SGI) for freebsd-security@freebsd.org id MAA05206; Tue, 16 Jul 1996 12:06:52 -0600 From: "Kevin J. Duling" Message-Id: <9607161206.ZM5204@natasha.scccc.com> Date: Tue, 16 Jul 1996 12:06:52 -0600 In-Reply-To: jaeger "Re: ROOT COMPROMISE" (Jul 12, 11:12pm) References: X-Mailer: Z-Mail (3.2.0 26oct94 MediaMail) To: freebsd-security@freebsd.org Subject: Re: ROOT COMPROMISE Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk On Jul 12, 11:12pm, jaeger wrote: > Subject: Re: ROOT COMPROMISE > shell; it isn't clear from the logs just what this is, exploit or backdoor. > It's very refreshing to see actual cracking activity discussed. > Excepting a few papers from years ago, Shimomura's excellent dissection of > the Christmas '94 attack on his box, and a few recent bits and pieces, the > white hats don't get to see much of the actual intruder activity that's > going on. Please keep up the status reports :). > > -jaeger >-- End of excerpt from jaeger I'll second that. -- Kevin J. Duling /\/^\^/^\^\/\ SCC Communications Corp. kduling@scc911.com Boulder, Colorado (303) 581-5769