From owner-freebsd-security Thu Apr 19 8:50:15 2001
Delivered-To: freebsd-security@freebsd.org
Received: from caerulus.cerintha.com (caerulus.cerintha.com [207.18.92.26])
	by hub.freebsd.org (Postfix) with ESMTP id C0E5F37B42C
	for ; Thu, 19 Apr 2001 08:49:58 -0700 (PDT)
	(envelope-from scheidell@Cerintha.com)
Received: (from scheidell@localhost)
	by caerulus.cerintha.com (8.11.3/8.11.3) id f3JFnqF74867;
	Thu, 19 Apr 2001 11:49:52 -0400 (EDT)
Date: Thu, 19 Apr 2001 11:49:52 -0400 (EDT)
From: Michael S Scheidell
Message-Id: <200104191549.f3JFnqF74867@caerulus.cerintha.com>
To: memphis_ms@gmx.net
Cc: freebsd-security@freebsd.org
Subject: Re: unknown process
In-Reply-To: <3ADEFE00.812EA0A3@gmx.net>
References: <200104190241.AA00733@fukuda.alles.ad.jp> <20010418200223.A42227@xor.obsecurity.org> <3ADEFE00.812EA0A3@gmx.net>
Reply-To: scheidell@fdma.com
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

In local.freebsd.security, you wrote:
>>
>> Take your system off the net and check it for signs of intrusion.
>>
>> Kris
>
>Just a quick question: How does one check for signs of intrusion. The FreeBSD
>handbook does not really talk a lot about this.
>Is there a good documentation about this?
>

see my sig below:

-- 
Michael Scheidell
Florida Datamation, Inc.
scheidell@fdma.com 1+(561) 368-9561
Internet Security and Consulting
See updated IT Security News at http://www.fdma.com/
After system Compromise : http://www.cert.org/tech_tips/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message