Date: Wed, 14 Apr 2004 12:01:21 -0400 From: "dave" <dmehler26@woh.rr.com> To: "FreeBSD Questions" <freebsd-questions@freebsd.org> Subject: Re: have i been hacked? Message-ID: <002301c42239$bb3ca2d0$0200a8c0@satellite> References: <000001c421de$6c67ba10$0200a8c0@satellite> <20040414144409.F3F8.LUKEK@meibin.net> <BFBDD1B2-8E0A-11D8-9C6E-000A956D2452@chrononomicon.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello everyone,
Ok, i am almost certain i've been hacked now. I just checked the system
for some strange accounts or things i didn't recognize. I didn't see
anything in /etc/passwd, /etc/group, /etc/master.passwd, and so forth. I
however ran chkrootkit and got two very disturbing errors, firstly it was
going along reporting items as uninfected, then when it hit sniffer, the
first of several files it died with the error:
"Abort Trap"
I'm going to take this machine down, back it all up, and do a reinstall.
Also, an nmap scan of the machine from another box showed no unidentified
open services.
Keep the suggestions coming.
Thanks.
Dave.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?002301c42239$bb3ca2d0$0200a8c0>