From owner-freebsd-questions  Fri Aug 21 22:05:54 1998
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id WAA25709
          for freebsd-questions-outgoing; Fri, 21 Aug 1998 22:05:54 -0700 (PDT)
          (envelope-from owner-freebsd-questions@FreeBSD.ORG)
Received: from mutsgo.kf7nn.com (mutsgo.kf7nn.com [204.251.27.213])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id WAA25692
          for <questions@FreeBSD.ORG>; Fri, 21 Aug 1998 22:05:52 -0700 (PDT)
          (envelope-from vagner@vagner.com)
Received: from vagner.com (ginger.kf7nn.com [192.168.0.4])
	by mutsgo.kf7nn.com (8.8.8/8.8.8) with ESMTP id AAA06784;
	Sat, 22 Aug 1998 00:04:51 -0500 (CDT)
	(envelope-from vagner@vagner.com)
Message-ID: <35DE5168.8DF53FD@vagner.com>
Date: Sat, 22 Aug 1998 00:04:40 -0500
From: George Vagner <vagner@vagner.com>
X-Mailer: Mozilla 4.04 [en] (Win95; I)
MIME-Version: 1.0
To: djv@bedford.net
CC: Laszlo Vagner <vagner@mutsgo.kf7nn.com>, questions@FreeBSD.ORG
Subject: Re: wierd
References: <199808220214.WAA05785@lucy.bedford.net>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

there was no access to the console other than myself
ever.  how could someone install a root kit without
root access.



CyberPeasant wrote:
> 
> Laszlo Vagner wrote:
> > what could this be?
> >
> > i understand the first 2 failed attempts to login but
> > a login from my own machine??? localhost? with 00's and not OO's
> >
> >
> >
> > Aug 20 23:04:28 mutsgo login: 1 LOGIN FAILURE FROM er4.rutgers.edu
> > Aug 20 23:04:28 mutsgo login: 1 LOGIN FAILURE FROM er4.rutgers.edu, kk7ax
> > Aug 20 23:10:37 mutsgo login: 2 LOGIN FAILURES FROM localhost
> > Aug 20 23:10:37 mutsgo login: 2 LOGIN FAILURES FROM localhost, r00t
> >
> 
> Somebody's messing with you.
> 
> I bet a script kid got in between 23:04 and 23:10, installed a bogus
> root kit, and tried to login as r00t. This is a common h4x0r misspelling.
> 
> time for an audit.
> 
> Dave
> --
>              Confutatis maledictis, flammis acribus addictis.
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message