From owner-freebsd-questions Sat Sep 9 11: 8:40 2000 Delivered-To: freebsd-questions@freebsd.org Received: from 2711.dynacom.net (2711.dynacom.net [206.107.213.3]) by hub.freebsd.org (Postfix) with ESMTP id 2EB2737B422 for ; Sat, 9 Sep 2000 11:08:38 -0700 (PDT) Received: from urx.com (dsl1-160.dynacom.net [206.159.132.160]) by 2711.dynacom.net (Build 101 8.9.3/NT-8.9.3) with ESMTP id LAA02066; Sat, 09 Sep 2000 11:08:36 -0700 Message-ID: <39BA7CA4.290140F3@urx.com> Date: Sat, 09 Sep 2000 11:08:36 -0700 From: Kent Stewart Reply-To: kstewart@urx.com Organization: Dynacom X-Mailer: Mozilla 4.75 [en] (Windows NT 5.0; U) X-Accept-Language: en MIME-Version: 1.0 To: Scott Cc: freebsd-questions@FreeBSD.ORG Subject: Re: Has my box been compromised? References: <39BA0BE6.C49E2FE3@earthlink.net> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Scott wrote: > > Hello, > > I was surfing on my dsl line (dynamic ip) a few minutes ago and noticed > my hard drive > was churning even though I wasn't doing much. I ran top and saw several > processes being run by user 'nobody' such as find, locate.proxxx (?can't > remember), and several 'sh'. I immediately killed ppp, and then the > 'nobody' > processes but many of the processes had already died after I killed the > ppp > connection. Did someone break in or is freebsd doing something behind > the > scenes as 'nobody'? Are you sure it wasn't the locate update running. It fires off at 1-2am and churns the system for a few minutes. Kent > > -- > Scott Dubose > Houston, TX > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message -- Kent Stewart Richland, WA mailto:kbstew99@hotmail.com http://kstewart.urx.com/kstewart/index.html FreeBSD News http://daily.daemonnews.org/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message