Date: Fri, 14 Jan 2005 10:30:34 -0500
From: Jeff Quast <af.dingo@gmail.com>
To: JohnG <mcsjgs@cox.net>
Cc: FreeBSD-security@freebsd.org
Subject: Re: Intrusion Suspected, Advice Sought
Message-ID: <c1feb81905011407302eb372d6@mail.gmail.com>
In-Reply-To: <B328333E-6064-11D9-86AB-000A9594FCC6@cox.net>
References: <B328333E-6064-11D9-86AB-000A9594FCC6@cox.net>

On Thu, 6 Jan 2005 20:29:20 -0800, JohnG <mcsjgs@cox.net> wrote:
> I run OS X 10.3.7 on a PowerMac MDD G4 on a cable broadband connection.
> I have reason to think my system has been tampered with. Security
> features in Mac OS X have been left unlocked (Preference Pane - Users)
> even though a master lock has always been set in the Security
> Preference Pane. This locks all other important preference panes which
> could be tampered with. Also permissions have been reset at every boot
> in my working directory. I've worked on this machine for about 17
> months, and I know its rhythms and what should be what. The permissions
> problem is persistent and new. I do not think I am being paranoid or
> alarmist. I have always had a NAT router, commercial firewall, and
> virus protection.
>
> The only thing I can think of is a hidden *nix program from a
> downloaded program (shareware/freeware) (I have scanned all packages
> for viruses). I am almost positive it did not come via e-mail. I say
> almost because I have been receiving odd e-mails that are totally blank
> and have no information I can find. Conceivably, it could have been a
> hacker. If so, that person was very skillful in getting in and only
> left small traces of poking around.
>
> I assume your advice will be to do a clean re-install of both system
> and programs. My question is how do I re-import the data from full
> backup (probably also containing whatever it is) without further
> jeopardizing my system? Any other advice, tips, or pointers to FreeBSD
> programs I could run on Mac would be greatly appreciated.
>
> John Scherb

Try the tools lsof and netstat to examine all open files and sockets
for anything suspicious. However, I too have had subtle permission
problems with Mac OSX, and I too do not think there is any real reason
for concern.

--
:wq!
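
One way to act on the lsof suggestion above, as an added example that is not part of the original message: filter `lsof -nP -i` output down to listening TCP sockets whose owning command is not on a list you already trust. The function names, the EXPECTED list and the sample listing (including the command `helperd`) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Real use:  lsof -nP -i | unexpected_listeners
#   -n / -P keep addresses and ports numeric, -i selects Internet sockets.

# Assumption: commands you already expect to be listening on this machine.
EXPECTED="${EXPECTED:-sshd cupsd mDNSResponder}"

# Reads lsof's column layout on stdin and prints one line per TCP
# listener whose command is not in EXPECTED.
unexpected_listeners() {
    awk -v expected="$EXPECTED" '
        BEGIN {
            # lsof shortens COMMAND to 9 characters by default, so
            # compare on the first 9 characters of each expected name.
            n = split(expected, names, " ")
            for (i = 1; i <= n; i++) ok[substr(names[i], 1, 9)] = 1
        }
        $1 == "COMMAND" { next }            # header row
        $NF == "(LISTEN)" {                 # TCP sockets accepting connections
            cmd = substr($1, 1, 9)
            if (!(cmd in ok))
                printf "%s pid=%s user=%s addr=%s\n", $1, $2, $3, $(NF-1)
        }
    '
}

# Constructed sample in the shape of `lsof -nP -i` output.
sample_lsof() {
cat <<'EOF'
COMMAND     PID USER   FD   TYPE     DEVICE SIZE/OFF NODE NAME
mDNSRespo   152 root    7u  IPv4 0x01a2b3c4      0t0  UDP *:5353
cupsd       201 root    0u  IPv4 0x01a2b5d0      0t0  TCP 127.0.0.1:631 (LISTEN)
sshd        312 root    3u  IPv4 0x01a2b7e8      0t0  TCP *:22 (LISTEN)
helperd    4021 john    5u  IPv4 0x01a2c9f0      0t0  TCP *:6001 (LISTEN)
Safari     4100 john   12u  IPv4 0x01a2cb10      0t0  TCP 192.168.1.10:49152->203.0.113.5:80 (ESTABLISHED)
EOF
}

# Demonstration on the constructed sample.
sample_lsof | unexpected_listeners
```

A listener that survives the filter is only a lead: the PID it prints is what you would then inspect with `lsof -p <pid>` to see which binary and files are behind it.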