From owner-freebsd-security Wed Aug 1 9:16:55 2001
From: "Maximum"
To: mschlosser@eschelon.com
Cc: freebsd-security@freebsd.org
Subject: RE: Trojan injected in my Freebsd 4.1-RELEASE
Date: Wed, 01 Aug 2001 20:16:50 +0400

>If all you want to do is play with the hacker

I want to find the way the hacker injected the trojan and close that backdoor. Simply restoring clean binaries will not help me understand that way.

>the other person might notice, do things quietly secretly. Stick
>the machine on a hub with another machine and have that machine
>sniff for traffic on that port. Then the person will not see you
>looking for them. With luck, you can build a sandbox around them
>without their knowledge. Could be a fun project.

The problem is that my box is placed as a colocated server far away from me in another country and I have no physical access to the computer. So the only thing I can do is run my own watching programs.

>nrfbsdrk v0.1 by gREMLiNs means rootkit. This person doesn't seem
>very good since your security report told you they were there.
>Probably script kiddie turned dorm rat.

Hope you are right because I can't have this server lost. Also I hope hackers are not subscribed to this mailing list :)

Maxim Sorokin