From owner-freebsd-questions@FreeBSD.ORG  Sat Aug 11 12:53:11 2007
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id 0084816A421
	for <questions@freebsd.org>; Sat, 11 Aug 2007 12:53:11 +0000 (UTC)
	(envelope-from frank.wissmann41@web.de)
Received: from fmmailgate02.web.de (fmmailgate02.web.de [217.72.192.227])
	by mx1.freebsd.org (Postfix) with ESMTP id B545713C46E
	for <questions@freebsd.org>; Sat, 11 Aug 2007 12:53:10 +0000 (UTC)
	(envelope-from frank.wissmann41@web.de)
Received: from smtp07.web.de (fmsmtp07.dlan.cinetic.de [172.20.5.215])
	by fmmailgate02.web.de (Postfix) with ESMTP id 1C18B9337BF3;
	Sat, 11 Aug 2007 14:53:09 +0200 (CEST)
Received: from [84.138.206.66] (helo=grissom.einundvierzig.org)
	by smtp07.web.de with asmtp (TLSv1:AES256-SHA:256)
	(WEB.DE 4.108 #197)
	id 1IJqSq-0003Tv-00; Sat, 11 Aug 2007 14:53:09 +0200
Message-ID: <46BDB19C.402@web.de>
Date: Sat, 11 Aug 2007 14:54:52 +0200
From: Frank Wissmann <frank.wissmann41@web.de>
User-Agent: Thunderbird 2.0.0.5 (X11/20070728)
MIME-Version: 1.0
To: Brent <mrb@bmyster.com>
References: <20070811110231.M84490@bmyster.com>
In-Reply-To: <20070811110231.M84490@bmyster.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Sender: frank.wissmann41@web.de
X-Sender: frank.wissmann41@web.de
X-Provags-ID: V01U2FsdGVkX18UXFXRL0cxa09e9d2fosYHfCxDOkuzDJYiyQHm
	nj+tluGqmrymbdkT4sa1N11rAd3cEzupksdkrQu/IReYCCDe3i
	rldc3YULyid26HO+pN4g==
Cc: questions@freebsd.org
Subject: Re: server was hacked
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 11 Aug 2007 12:53:11 -0000

Brent wrote:
>, HOw excatly are they getting in ?
> what are the things I can do to prevent this. On FBSD how do you checksum
> binaries on the system to ensure someone hasnt replaced one with there own binary.

Do yourself a favor and buy the book

BSD Hacks
by
Dru Lavigne
O'Reilly Media
ISBN 0-596-00679-9

Chapter 6 and especially hacks 56,58 and 59 are useful.

Regards
Frank