Date:      Thu, 18 Oct 2007 10:19:13 -0500
From:      Paul Schmehl <pauls@utdallas.edu>
To:        freebsd-questions@freebsd.org
Subject:   Re: gtn bot ?
Message-ID:  <75F91F912378E3D6CE5C9E9B@utd59514.utdallas.edu>
In-Reply-To: <009901c81182$6e060c90$6501a8c0@GRANT>
References:  <008201c8117d$7ae74460$6501a8c0@GRANT> <009901c81182$6e060c90$6501a8c0@GRANT>

--On Thursday, October 18, 2007 08:28:46 -0400 Grant Peel 
<gpeel@thenetnow.com> wrote:

> Hi all,
>
> I missed one too. I have never seen this process before, any ideas?
>
>  6313     1 Mon Oct 15 19:34:39 2007       0:02.71 [prox]

The problem with this approach is that the bad guys don't try to accommodate 
you by using common naming conventions.  Searching for gtn or prox or 
eggdrop will most likely be a fruitless exercise.

What you need to do is 1) identify what it is by locating it and all its 
associated files on the hard drive, 2) determine how to stop it so you can 
clean up and 3) figure out how the box was broken into so you can prevent 
a reoccurrence.

If you need help with that, I would suggest taking it private.  It's best 
not to post these kinds of details in an open forum.  I'd be happy to help, 
and I'm sure there are others here, even more experienced than I am, who 
can help.

-- 
Paul Schmehl (pauls@utdallas.edu)
Senior Information Security Analyst
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
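An added triage helper for step 1 of the reply above (example code, not from the thread or its author): given a PID such as the one in the "[prox]" listing, it resolves the binary on disk, flags a process name that does not match that binary, and lists open files. It assumes FreeBSD tools (procfs, procstat, fstat) or Linux ones (/proc, lsof) and checks which are present at run time.

```shell
#!/bin/sh
# Triage a suspicious PID: locate its binary on disk, its parent, and the
# files/sockets it holds, instead of grepping for names like gtn or prox.
# Added example; assumes FreeBSD (procfs, procstat, fstat) or Linux (/proc, lsof).

exe_path() {
    # Print the on-disk executable of PID $1, or nothing if it cannot be resolved.
    pid=$1
    if [ -e "/proc/$pid/file" ]; then readlink "/proc/$pid/file"     # FreeBSD procfs
    elif [ -e "/proc/$pid/exe" ]; then readlink "/proc/$pid/exe"     # Linux procfs
    elif command -v procstat >/dev/null 2>&1; then
        procstat -b "$pid" 2>/dev/null | awk 'NR > 1 { print $NF }'  # FreeBSD, no procfs
    fi
}

name_mismatch() {
    # Exit 0 when process name $1 differs from the basename of executable $2:
    # a cheap hint that a binary was copied or renamed to blend in.
    comm=$1; exe=$2
    [ -n "$exe" ] && [ "$(basename "$exe")" != "$comm" ]
}

open_files() {
    # List open files, sockets and cwd with whatever tool the host provides.
    pid=$1
    if command -v procstat >/dev/null 2>&1; then procstat -f "$pid"
    elif command -v fstat >/dev/null 2>&1; then fstat -p "$pid"
    elif command -v lsof >/dev/null 2>&1; then lsof -n -p "$pid"
    else echo "no procstat/fstat/lsof available"; fi
}

triage() {
    pid=$1
    # ps prints the command in [brackets] when it cannot read argv, so the
    # name alone says little; the resolved path and open files say more.
    ps -o pid,ppid,user,lstart,command -p "$pid"
    comm=$(ps -o comm= -p "$pid" | tr -d '[]')
    exe=$(exe_path "$pid")
    echo "executable: ${exe:-<unresolved: binary may be deleted or hidden>}"
    if name_mismatch "$comm" "$exe"; then
        echo "note: process name '$comm' differs from binary $exe"
    fi
    [ -n "$exe" ] && ls -l "$exe"   # owner, mode, mtime: record before cleanup
    open_files "$pid"
}

if [ $# -eq 1 ]; then triage "$1"; fi
```

Run it as `sh triage.sh <pid>` before stopping the process, so the binary path and open files are recorded while they can still be read.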