From owner-freebsd-questions  Thu Feb  7 17:43:14 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from some.ants.ate.my.cat5.at.dsgx.org (some.ants.ate.my.cat5.at.dsgx.org [64.215.225.2])
	by hub.freebsd.org (Postfix) with ESMTP id D0B7337B416
	for <questions@freebsd.org>; Thu,  7 Feb 2002 17:42:48 -0800 (PST)
Received: from some.ants.ate.my.cat5.at.dsgx.org (localhost.dsgx.org [64.215.225.2] (may be forged))
	by some.ants.ate.my.cat5.at.dsgx.org (8.12.2/8.11.6) with SMTP id g17KeGqo009919;
	Thu, 7 Feb 2002 20:40:16 GMT
	(envelope-from hh@dsgx.org)
Date: Thu, 7 Feb 2002 20:40:16 +0000
From: hh <hh@dsgx.org>
To: "Melo" <melo@reklai.com>
Cc: questions@freebsd.org
Subject: Re: 4.4-RELEASE-p7 FreeBSD 4.4-RELEASE-p7 problems
Message-Id: <20020207204016.4966eaf2.hh@dsgx.org>
In-Reply-To: <054901c1b03e$39c61bb0$13c8c8c8@reklai.com>
References: <20020207200606.2514059d.hh@dsgx.org>
	<054901c1b03e$39c61bb0$13c8c8c8@reklai.com>
X-Mailer: Sylpheed version 0.4.66 (GTK+ 1.2.10; i386-unknown-freebsdelf4.4)
Organization: dsgx net solutions
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

i don't think so my kernel didn't installed 100% .. thought i had to make -k ..
force it .. any packet should be missing do u know which one ? maybe to turn this on ?

On Fri, 8 Feb 2002 10:16:24 +0900
"Melo" <melo@reklai.com> wrote:

> Box has been compromised, check for Trojans
> 
> Cd /usr/ports/security/chkrootkit
> Make
> Make install
> /usr/local/sbin/chkrootkit
> 
> this will just find any rootkits installed
> 
> 
> 
> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of hh
> Sent: Friday, February 08, 2002 5:06 AM
> To: questions@FreeBSD.ORG
> Cc: freebsd-security@FreeBSD.ORG
> Subject: 4.4-RELEASE-p7 FreeBSD 4.4-RELEASE-p7 problems
> 
> razordea eggdrop-  1743   14 ?      ?                     ?
> 
> poker    eggdrop-  1732    3 ?      ?                     ?
> 
> poker    eggdrop-  1732    5 ?      ?                     ?
> 
> poker    eggdrop-  1729    3 ?      ?                     ?
> 
> poker    eggdrop-  1729    5 ?      ?                     ?
> 
> penhao   eggdrop-  1706    3 ?      ?                     ?
> 
> penhao   eggdrop-  1706    4 ?      ?                     ?
> 
> penhao   eggdrop-  1706    6 ?      ?                     ?
> 
> penhao   eggdrop-  1704    3 ?      ?                     ?
> 
> penhao   eggdrop-  1704    4 ?      ?                     ?             
> 
> some# netstat -na |more
> Active UNIX domain sockets
> Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
> d9bc8d00 stream      0      0        0 d9bc8280        0        0
> /tmp/mysql.soc
> k
> d9bc8280 stream      0      0        0 d9bc8d00        0        0
> d9bc8d80 stream      0      0        0 d9bc8580        0        0
> /tmp/mysql.soc
> k
> d9bc8580 stream      0      0        0 d9bc8d80        0        0
> 
> what's going on ? i can't see who's connect from anywhere to anywhere ..
> i have an
>  4.4-RELEASE-p7 FreeBSD 4.4-RELEASE-p7
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 
> 
> ______________________________________
> Certified Virus Free Email
> http://www.reklai.com
> 
> 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message