From owner-freebsd-security  Mon Dec 16 14:16:42 1996
Return-Path: <owner-security>
Received: (from root@localhost)
          by freefall.freebsd.org (8.8.4/8.8.4) id OAA07938
          for security-outgoing; Mon, 16 Dec 1996 14:16:42 -0800 (PST)
Received: from www.trifecta.com (www.trifecta.com [206.245.150.3])
          by freefall.freebsd.org (8.8.4/8.8.4) with ESMTP id OAA07892
          for <freebsd-security@freebsd.org>; Mon, 16 Dec 1996 14:16:30 -0800 (PST)
Received: (from dev@localhost) by www.trifecta.com (8.7.5/8.6.12) id RAA24622; Mon, 16 Dec 1996 17:16:30 -0500 (EST)
Date: Mon, 16 Dec 1996 17:16:30 -0500 (EST)
From: Dev Chanchani <dev@trifecta.com>
To: Brian Tao <taob@io.org>
cc: FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject: Re: URGENT: Packet sniffer found on my system
In-Reply-To: <Pine.BSF.3.95.961210204050.9494B-100000@nap.io.org>
Message-ID: <Pine.BSF.3.91.961216171533.24597B-100000@www.trifecta.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk



On Tue, 10 Dec 1996, Brian Tao wrote:

> 
> > Expire all the passwords and re-install all the system binaries and 
> > hopefully he will go away.
> 
>     All staff have been notified to cycle their passwords.  What to do
> with the user base is an entirely different matter...

Regarding the attack on your system. Having commercial accounts is a pain 
in the this case if their passwords have been sniffed. If you show signs 
you are on to the hacker, he will probably go away. If it is feasible, I 
would expire the users accounts and just say it is policy at the end of 
the year :)