From owner-freebsd-security Wed May 30 6:44:52 2001 Delivered-To: freebsd-security@freebsd.org Received: from threat.tjhsst.edu (threat.tjhsst.edu [198.38.16.9]) by hub.freebsd.org (Postfix) with ESMTP id F346737B423 for ; Wed, 30 May 2001 06:44:47 -0700 (PDT) (envelope-from abarros@threat.tjhsst.edu) Received: (from abarros@localhost) by threat.tjhsst.edu (8.11.3/8.11.3) id f4UDaBr20104; Wed, 30 May 2001 09:36:11 -0400 Date: Wed, 30 May 2001 09:36:11 -0400 From: Andrew Barros To: Bigby Findrake Cc: freebsd-security@FreeBSD.ORG Subject: Re: freebsd rootkit Message-ID: <20010530093611.C27126@tjhsst.edu> Mail-Followup-To: Bigby Findrake , freebsd-security@FreeBSD.ORG References: <20010529134040.R98104-100000@awww.jeah.net> Mime-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-md5; protocol="application/pgp-signature"; boundary="t0UkRYy7tHLRMCai" Content-Disposition: inline User-Agent: Mutt/1.2.5i In-Reply-To: ; from bigby@ephemeron.org on Tue, May 29, 2001 at 03:34:29PM -0700 X-Operating-System: Linux threat.tjhsst.edu 2.2.17 X-I-Graduate-In: 18.7831597222222 days Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org --t0UkRYy7tHLRMCai Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable Someone should add it in ports. It would be rooting and then cleaning up really easy. :-) -ajb On Tue, May 29, 2001 at 03:34:29PM -0700, Bigby Findrake wrote: ->On Tue, 29 May 2001, Chris Byrnes wrote: -> ->> That's not a wise request on a list like this. Backup, format and ->> reinstall. -> ->Why not? Surely you're not suggesting that a rootkit is a bad thing, or ->that no one here would help him find one - wouldn't that be rather silly ->of us? If we knew where one was, wouldn't it make the most sense to make ->sure that anyone could get there hands on it? Isn't that (among other ->ways) how open software advances? I can't count the number of times I've ->seen security people make the argument that everyone should own lockpicks. -> ->If I misunderstood, you, Chris, what did you mean? -> ->>=20 ->>=20 ->> Chris Byrnes (chris@JEAH.net) ->> JEAH Communications, LLC (www.JEAH.net) ->> Call toll-free! 1-866-AWW-JEAH ->>=20 ->>=20 ->> On Wed, 30 May 2001, Lim Seng Chor wrote: ->>=20 ->> > sorry, you all misunderstood me... : ( ->> > ->> > i am the system admin of my site here, and i am suspecting my ->> > user is compromising my system files. i would like to check on ->> > what the files availble in rootkit, and see whether my users are ->> > using that or not. ->> > it is just for security audit purpose.... ->> > ->> > stop xxxxxxx me please.... ->> > ->> > To Unsubscribe: send mail to majordomo@FreeBSD.org ->> > with "unsubscribe freebsd-security" in the body of the message ->> > ->>=20 ->>=20 ->> To Unsubscribe: send mail to majordomo@FreeBSD.org ->> with "unsubscribe freebsd-security" in the body of the message ->>=20 -> -> ->To Unsubscribe: send mail to majordomo@FreeBSD.org ->with "unsubscribe freebsd-security" in the body of the message ---end quoted text--- --=20 Andrew Barros PGP Key Fingerprint: D3B8 0800 C45A 143E 5CF0 E112 0A1B AB36 B655 1FB8 --t0UkRYy7tHLRMCai Content-Type: application/pgp-signature Content-Disposition: inline -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.3 (GNU/Linux) Comment: For info see http://www.gnupg.org iD8DBQE7FPdLChurNrZVH7gRAlsKAJ9tjP/VuxpVJILD6YVq2aD9ebxAuQCeOn2k Mc6uyES1nvvRn4gl4x3TLzw= =6VR1 -----END PGP SIGNATURE----- --t0UkRYy7tHLRMCai-- To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message