Date:      Mon, 16 Feb 2004 10:20:51 -1000
From:      Clifton Royston <cliftonr@tikitechnologies.com>
To:        Duncan Campbell <campbell@tagish.taiga.ca>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Rooted system
Message-ID:  <20040216202051.GA15307@tikitechnologies.com>
In-Reply-To: <20040216200052.BAC7C16A4FA@hub.freebsd.org>
References:  <20040216200052.BAC7C16A4FA@hub.freebsd.org>

On Mon, Feb 16, 2004 at 12:00:52PM -0800, freebsd-security-request@freebsd.org wrote:
> Date: Mon, 16 Feb 2004 01:20:23 +0100
> From: "Remko Lodder" <remko@elvandar.org>
> Subject: RE: [Freebsd-security] Rooted system
> To: "Duncan Campbell" <campbell@tagish.taiga.ca>,
> 	<freebsd-security@freebsd.org>
> Message-ID: <20040216001944.306A92B4D6C@mail.evilcoder.org>
> Content-Type: text/plain;	charset="iso-8859-1"
> 
> Hi,
> 
> 
> And now what? [ You are unclear to me ]
> 
> Well, you could use a Security Toolkit Distribution from Knoppix, called
> knoppix-std
> And do some research with that.
 
  More generic forensic help (less Linux-specific) might come from the
"Coroner's Toolkit" from the team of Wietse Venema and Dan Farmer
(SATAN et al., and also TCPwrap and Postfix in the case of Wietse.)
It's supposed to be pretty cross-platform with BSD support. 

  <http://www.porcupine.org/forensics/tct.html>

  Sounds like it might already be a bit late to do deep forensics on
the system but maybe better late than never.

> Hope this helps you a little,
> 
> And sorry to hear that your system is compromised, hang on, take care, and
> if we can help...

  Sorry to hear it also.

  I assume, since you've been active on this list, your system was
fully patched, up-to-date with all FreeBSD security notices?  Any
particular nonstandard ports or services running on this system?

  -- Clifton

-- 
          Clifton Royston  --  cliftonr@tikitechnologies.com 
         Tiki Technologies Lead Programmer/Software Architect
Did you ever fly a kite in bed?  Did you ever walk with ten cats on your head?
  Did you ever milk this kind of cow?  Well we can do it.  We know how.
If you never did, you should.  These things are fun, and fun is good.
                                                                 -- Dr. Seuss


