From owner-freebsd-security Thu Apr 19 2:31:31 2001 Delivered-To: freebsd-security@freebsd.org Received: from flood.ping.uio.no (flood.ping.uio.no [129.240.78.31]) by hub.freebsd.org (Postfix) with ESMTP id A7C9C37B43C for ; Thu, 19 Apr 2001 02:31:28 -0700 (PDT) (envelope-from des@ofug.org) Received: (from des@localhost) by flood.ping.uio.no (8.9.3/8.9.3) id LAA31858; Thu, 19 Apr 2001 11:31:27 +0200 (CEST) (envelope-from des@ofug.org) X-URL: http://www.ofug.org/~des/ X-Disclaimer: The views expressed in this message do not necessarily coincide with those of any organisation or company with which I am or have been affiliated. To: "David G. Andersen" Cc: kris@obsecurity.org (Kris Kennaway), fukuda@alles.ad.jp (fukuda shinichi), freebsd-security@FreeBSD.ORG Subject: Re: unknown process References: <200104190324.VAA14081@faith.cs.utah.edu> From: Dag-Erling Smorgrav Date: 19 Apr 2001 11:31:26 +0200 In-Reply-To: <200104190324.VAA14081@faith.cs.utah.edu> Message-ID: Lines: 13 User-Agent: Gnus/5.0808 (Gnus v5.8.8) Emacs/20.4 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org "David G. Andersen" writes: > You've been hacked. Do what Kris said immediately - take your > system offline, and figure out how they got in. You'll likely > need to either restore from backups, a fresh install, or check > your tripwire/etc logs to determine what else the intruder > changed, if they installed a rootkit, etc. It's not either/or. The only acceptable solution to this situation is a complete reinstall from a trusted source (e.g. original CD set). DES -- Dag-Erling Smorgrav - des@ofug.org To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message