Date: Tue, 07 May 2002 10:36:59 -0400
From: "Charles M. Richmond" <cmr@iisc.com>
To: sam@wa4phy.net, security@FreeBSD.ORG
Subject: Re: Woot project
Message-ID: <200205071436.KAA23748@koibito.iisc.com>
In-Reply-To: Your message of "Mon, 06 May 2002 21:00:02 EDT." <3CD72712.37CB5750@vortex.wa4phy.net>

> I don't have SSH-1 or 2 active at the moment,

That you know of... If your machine has been hacked previously, then
that hacker probably left an sshd running as part of his rootkit. It
may not be named sshd of course and it does have a back door.

Or as you ask below, there is another vector of attack. I had a
FreeBSD box hacked and until I figure out how it was done, I can't
put it back in the network. Hmmm... maybe I'll put WK2 on it. )-:

> so I'm wondering how access was gained. Have
> searched all the log files for unusual activity, and nothing is apparent
> so far. The message left at the bottom of my main page was:
>
> FreeBSD vortex.wa4phy.net 4.5-STABLE sexcii... - [sYn] of woot-project
>
> Aside from the SSH-1 vulnerabilities, are there any other known
> entry points associated with this cracker group?