From owner-freebsd-security  Mon Aug 20 10:54:12 2001
Delivered-To: freebsd-security@freebsd.org
Received: from mail.wlcg.com (mail.wlcg.com [198.92.199.5])
	by hub.freebsd.org (Postfix) with ESMTP id 3569537B40D
	for <freebsd-security@freebsd.org>; Mon, 20 Aug 2001 10:54:08 -0700 (PDT)
	(envelope-from rsimmons@wlcg.com)
Received: (from root@localhost)
	by mail.wlcg.com (8.11.5/8.11.5) id f7KHs7w96674;
	Mon, 20 Aug 2001 13:54:07 -0400 (EDT)
	(envelope-from rsimmons@wlcg.com)
Received: from localhost (rsimmons@localhost)
	by mail.wlcg.com (8.11.5/8.11.5) with ESMTP id f7KHs1G96667;
	Mon, 20 Aug 2001 13:54:02 -0400 (EDT)
	(envelope-from rsimmons@wlcg.com)
X-Authentication-Warning: mail.wlcg.com: rsimmons owned process doing -bs
Date: Mon, 20 Aug 2001 13:53:58 -0400 (EDT)
From: Rob Simmons <rsimmons@wlcg.com>
To: David Kirchner <davidk@accretivetg.com>
Cc: Rami AlZaid <lists@alzaid.com>, <freebsd-security@freebsd.org>
Subject: Re: Rooted
In-Reply-To: <20010819170743.S38221-100000@localhost>
Message-ID: <20010820135041.T91853-100000@mail.wlcg.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Virus-Scanned: by AMaViS perl-10
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

> If you want to be very careful, wiping the disk would be necessary. A
> backdoor could be anywhere, including in programs not part of the base
> system (such as bash from ports). It depends on how paranoid you are
> however. If you're not too worried, re-installing from a fresh cvsup would
> probably be good enough. You can check to see what programs are running as
> servers by running:
>
> netstat -aAn | grep LISTEN
> fstat | grep <hexcode from first column>

sockstat is a utility that combines the functionality of those two
commands - good stuff.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (FreeBSD)
Comment: For info see http://www.gnupg.org

iD8DBQE7gU65v8Bofna59hYRA9rFAKCNT8RWka5V/fq3kOkU+Q3Phqk9YACfX8HO
MXc5KUsToLUm7be6eJAHAF0=
=75G4
-----END PGP SIGNATURE-----



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message