Date:      Thu, 18 Oct 2001 14:23:36 -0600
From:      "Tomek" <tomek@mpionline.com>
To:        "Tomek" <tomek@mpionline.com>, <freebsd-questions@FreeBSD.ORG>
Subject:   Re: I got hacked, I think
Message-ID:  <03db01c15812$c4575d40$f6f073d1@mpionline.com>
References:  <20011018131823.Y621-100000@jodie.ncptiddische.net> <011e01c157cf$9b401700$f6f073d1@mpionline.com> <20011018165057.V3734@ns2.wananchi.com> <01e701c157e4$f012abc0$f6f073d1@mpionline.com> <20011018180513.C3734@ns2.wananchi.com> <20011018114805.E70327@acadia.ne.mediaone.net> <018801c157ef$37ec0720$f6f073d1@mpionline.com>

I found out more info.

-rw-r--r--   1 Broot  wheel       54 Sep 26 10:24 /inetd.conf
-rw-r--r--   1 Broot  wheel    85857 Sep 26 21:38 /sudo-1.6.3.7_1.tgz
-rw-------  1 Broot  wheel      4869 Sep 26 10:25 /etc/inetd.conf

Checking the bizarre /inetd.conf is shocking:
eklogin stream  tcp     nowait  root    /bin/sh sh -i

I take it that "sh" would not even request a login or anything if called
directly from inetd.conf, would it? I am sitting here, he is STILL
pinging me and watching the system (even tried to ftp again a few
minutes ago), and for the life of me I can't figure out where it all
began... how did he even log in the first time, maybe it was some
buffer overflow or something.... yuck.

TY for all your help guys, you are all wonderful! I will leave you in
peace now (I hope). I still don't know about Broot though...



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message
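
Added example, not part of the original message: a small audit for the kind of entry quoted above, where inetd hands an incoming connection directly to a shell running as the listed user. The names audit_inetd_conf and write_sample and the sample file are assumptions made for illustration; the field layout follows inetd.conf (service, socket type, protocol, wait/nowait, user, program, arguments).

```shell
#!/bin/sh
# Added example: flag active inetd.conf entries whose server program is a shell.
# Fields: service  socket-type  protocol  wait/nowait  user  program  args...

# Print "file:line: service user program" for every entry that execs a shell.
# Accepts one or more files, e.g. /etc/inetd.conf and a stray /inetd.conf.
audit_inetd_conf() {
    awk '
        $1 ~ /^#/ || NF < 6 { next }        # comments, blank and short lines
        {
            user = $5
            sub("[:/].*", "", user)          # drop optional :group or /login-class
            n = split($6, parts, "/")        # basename of the server program
            prog = parts[n]
            if (prog ~ /^(sh|csh|tcsh|bash|ksh|zsh)$/)
                printf "%s:%d: %s %s %s\n", FILENAME, FNR, $1, user, $6
        }
    ' "$@"
}

# Constructed sample: the entry quoted in the message plus two ordinary lines.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample inetd.conf
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
#shell  stream  tcp     nowait  root    /usr/libexec/rshd       rshd
eklogin stream  tcp     nowait  root    /bin/sh sh -i
EOF
}

tmp=$(mktemp) && write_sample "$tmp" && audit_inetd_conf "$tmp"
rm -f "$tmp"
```

A shell copied to another file name will not match by name, so an empty result is one check passed, not proof that the configuration is clean.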



