Date: Fri, 21 May 2004 15:57:46 -0400 From: "Peter C. Lai" <sirmoo@cowbert.net> To: RazorOnFreeBSD <yann.luppo@attglobal.net> Cc: freebsd-security@freebsd.org Subject: Re: Hacked or not ? Message-ID: <20040521195746.GE46542@cowbert.net> In-Reply-To: <021f01c43f3a$e7eb7f40$0f01a8c0@razor> References: <021f01c43f3a$e7eb7f40$0f01a8c0@razor>
next in thread | previous in thread | raw e-mail | index | archive | help
--7LkOrbQMr4cezO2T
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
> ioctl(1,TIOCGETA,0xbfbff534) =3D 0 (0x0)
> ioctl(1,TIOCGWINSZ,0xbfbff5a8) =3D 0 (0x0)
> getuid() =3D 0 (0x=
0)
> readlink("etc/malloc.conf",0xbfbff490,63) ERR#2 'No such file or d=
irectory' #SUSPICIOUS
> mmap(0x0,4096,0x3,0x1002,-1,0x0) =3D 671666176 (0x2808d000)
> break(0x809b000) =3D 0 (0x0)
> break(0x809c000) =3D 0 (0x0)
> break(0x809d000) =3D 0 (0x0)
> break(0x809e000) =3D 0 (0x0)
> .........................................................................=
=2E.................and so on!
Looks normal to me here...not really sure why that is suspicious to you.
(it's just trying to load malloc.conf for malloc options).
--=20
Peter C. Lai
University of Connecticut
Dept. of Molecular and Cell Biology
Yale University School of Medicine
SenseLab | Research Assistant
http://cowbert.2y.net/
--7LkOrbQMr4cezO2T
Content-Type: application/x-pkcs7-signature
Content-Disposition: attachment; filename="smime.p7s"
Content-Transfer-Encoding: base64
MIIIlAYJKoZIhvcNAQcCoIIIhTCCCIECAQExCzAJBgUrDgMCGgUAMAsGCSqGSIb3DQEHAaCC
BhgwggLRMIICOqADAgECAgMMH+owDQYJKoZIhvcNAQEEBQAwYjELMAkGA1UEBhMCWkExJTAj
BgNVBAoTHFRoYXd0ZSBDb25zdWx0aW5nIChQdHkpIEx0ZC4xLDAqBgNVBAMTI1RoYXd0ZSBQ
ZXJzb25hbCBGcmVlbWFpbCBJc3N1aW5nIENBMB4XDTA0MDQxNDA2NDI1N1oXDTA1MDQxNDA2
NDI1N1owRDEfMB0GA1UEAxMWVGhhd3RlIEZyZWVtYWlsIE1lbWJlcjEhMB8GCSqGSIb3DQEJ
ARYSc2lybW9vQGNvd2JlcnQubmV0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA
xA5u/s2bmcc96AAzAw3xp1rBb3P0JHVzG5XtXTtIgMLZwVQJTQWYSo4bNS0Jl4x6sO7yHxOI
B7eJ2eOx2pMPhdW3lLloukuQQI+1x9Ti3W4h0yxAhn867UPR1UWz0xp1PoO4j9wg9N6FZC+m
ACdp/o74o/86FaTYlLXPM243VwfRaIQPfRjDGsFIMUga9yDQvWRizxKS0ucm3rtUohizhdtV
2DeXCYOOv1ojOaRpBcukJPXdhYcoOl4qxU/YBtou5n0RJzhggSvMKKJWIwwqF0RacYdGVMst
crIlsMq4VTG/i+F+lPX5+ugHWPOZV3Fe17eTJ/BwTKe8Tr4QduA1rwIDAQABoy8wLTAdBgNV
HREEFjAUgRJzaXJtb29AY293YmVydC5uZXQwDAYDVR0TAQH/BAIwADANBgkqhkiG9w0BAQQF
AAOBgQCXEIquVkTtK1C/eWYFUIQP1+JRA2QT5LxBMlrPDfOHGvtMSNbLs7y2YJXur8KFkwCo
4XybEqfcGyyAss2A1gE1BvagvCeAXUqTEbtEklUEGsM1Fh/XS1c2ug/UMonKW54LrgXUGxwy
Xjn6LdBSvH/w5/Fw6Yp1juayjvY2l5k46DCCAz8wggKooAMCAQICAQ0wDQYJKoZIhvcNAQEF
BQAwgdExCzAJBgNVBAYTAlpBMRUwEwYDVQQIEwxXZXN0ZXJuIENhcGUxEjAQBgNVBAcTCUNh
cGUgVG93bjEaMBgGA1UEChMRVGhhd3RlIENvbnN1bHRpbmcxKDAmBgNVBAsTH0NlcnRpZmlj
YXRpb24gU2VydmljZXMgRGl2aXNpb24xJDAiBgNVBAMTG1RoYXd0ZSBQZXJzb25hbCBGcmVl
bWFpbCBDQTErMCkGCSqGSIb3DQEJARYccGVyc29uYWwtZnJlZW1haWxAdGhhd3RlLmNvbTAe
Fw0wMzA3MTcwMDAwMDBaFw0xMzA3MTYyMzU5NTlaMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQK
ExxUaGF3dGUgQ29uc3VsdGluZyAoUHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29u
YWwgRnJlZW1haWwgSXNzdWluZyBDQTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAxKY8
VXNV+065yplaHmjAdQRwnd/p/6Me7L3N9VvyGna9fww6YfK/Uc4B1OVQCjDXAmNaLIkVcI7d
yfArhVqqP3FWy688Cwfn8R+RNiQqE88r1fOCdz0Dviv+uxg+B79AgAJk16emu59l0cUqVIUP
SAR/p7bRPGEEQB5kGXJgt/sCAwEAAaOBlDCBkTASBgNVHRMBAf8ECDAGAQH/AgEAMEMGA1Ud
HwQ8MDowOKA2oDSGMmh0dHA6Ly9jcmwudGhhd3RlLmNvbS9UaGF3dGVQZXJzb25hbEZyZWVt
YWlsQ0EuY3JsMAsGA1UdDwQEAwIBBjApBgNVHREEIjAgpB4wHDEaMBgGA1UEAxMRUHJpdmF0
ZUxhYmVsMi0xMzgwDQYJKoZIhvcNAQEFBQADgYEASIzRUIPqCy7MDaNmrGcPf6+svsIXoUOW
lJ1/TCG4+DYfqi2fNi/A9BxQIJNwPP2t4WFiw9k6GX6EsZkbAMUaC4J0niVQlGLH2ydxVyWN
3amcOY6MIE9lX5Xa9/eH1sYITq726jTlEBpbNU1341YheILcIRk13iSx0x1G/11fZU8xggJE
MIICQAIBATBpMGIxCzAJBgNVBAYTAlpBMSUwIwYDVQQKExxUaGF3dGUgQ29uc3VsdGluZyAo
UHR5KSBMdGQuMSwwKgYDVQQDEyNUaGF3dGUgUGVyc29uYWwgRnJlZW1haWwgSXNzdWluZyBD
QQIDDB/qMAkGBSsOAwIaBQCggbEwGAYJKoZIhvcNAQkDMQsGCSqGSIb3DQEHATAcBgkqhkiG
9w0BCQUxDxcNMDQwNTIxMTk1NzQ2WjAjBgkqhkiG9w0BCQQxFgQUBmf8obbd1Hl/+eQr1zv7
M3oy3WUwUgYJKoZIhvcNAQkPMUUwQzAKBggqhkiG9w0DBzAOBggqhkiG9w0DAgICAIAwDQYI
KoZIhvcNAwICAUAwBwYFKw4DAgcwDQYIKoZIhvcNAwICASgwDQYJKoZIhvcNAQEBBQAEggEA
k4/KX7PCsKbpmHEDstehdp0fwXdZy1U+KAaKsgfeAqjSwQ4lzVs32VjxeSePTG+wKQ0TmIqF
eMRYTq0JvNStdvQlg0x0+OxL5kBO/3TRZlMpstp/Ymy2jS+zfPlRFOJBSdpEJT7ffLTHBIEO
4+oJJ6wNa1AQa4Y5EqYQqzBYOk6LV4zDNoiAFBR/VO06hQAZt+VNAEiwIVy9Kk/11U9qjME1
LTTAOSTBV6wgZxmlBbj0gflYts19I1VPbR2+VBnTQqBbqMrzOKKCUdMh7zP6ZxjRN/EO8GJY
BzL8LyTVw5Jg4uMUWj73ox0ngAB5hdQ0imkTKFkc8Um3CeZ6pINLeQ==
--7LkOrbQMr4cezO2T--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20040521195746.GE46542>