Date: Wed, 5 Sep 2001 20:03:07 -0700
From: Kris Kennaway
To: abby
Cc: freebsd-questions@FreeBSD.ORG
Subject: Re: pid account hacked
Message-ID: <20010905200307.A82529@xor.obsecurity.org>

On Wed, Aug 08, 2001 at 08:40:56PM -0700, abby wrote:
> I have a question regarding system accounts. If I seem a bit non oriented, it's because I am somewhat new to unix security issues. Well, someone hacked into one of the system accounts using a root kit, I was led to believe, but they got in as
> pid user
>
> pid ttyp0 141.13.3.9 Wed Sep 5 06:09 - 06:11 (00:05)
>
> and I was able to view them through who or w.
> This was totally freaking me out, so first thing I did was delete the user. I was wondering
> if you could give me more information on how this happened, to prevent system accounts from being hacked again.
> Someone said I should email here and ask. Thanks in advance.

Step 1: Follow security advisories closely by subscribing to a mailing list that carries them (see www.freebsd.org/security)

Kris