From owner-freebsd-security  Thu Aug  1  5:58:36 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 6A21437B407
	for <security@freebsd.org>; Thu,  1 Aug 2002 05:58:29 -0700 (PDT)
Received: from yoda.bph.ruhr-uni-bochum.de (yoda.bph.ruhr-uni-bochum.de [134.147.196.7])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2572943E4A
	for <security@freebsd.org>; Thu,  1 Aug 2002 05:58:28 -0700 (PDT)
	(envelope-from cwe@bph.ruhr-uni-bochum.de)
Received: from gonzo (gonzo [134.147.196.22])
	by yoda.bph.ruhr-uni-bochum.de (8.8.8/8.8.8) with SMTP id OAA04090;
	Thu, 1 Aug 2002 14:58:26 +0200
From: Christoph Wegener <cwe@bph.ruhr-uni-bochum.de>
To: "Naga Suresh B" <torvalds@addr.com>
Cc: security@freebsd.org
Date: Thu, 01 Aug 2002 14:58:26 +0200
X-Priority: 3 (Normal)
Organization: Lehrstuhl fuer Biophysik - Ruhr-Universitaet Bochum 
In-Reply-To: <016301c23957$7d8436f0$9600a8c0@blraddrcom>
Message-Id: <VPFBZV05TPCBURA71E1XUKEGF4RO.3d493072@gonzo>
Subject: Re: openssh-3.4p1.tar.gz trojaned
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
X-Mailer: Opera 6.04 build 1135
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hi,
what do you mean?!? If you mean if another trojaned host will attack you I can say that the trojan code we saw this morning has an 
hardcoded IP address (203.62.158.32:6667, which is secured now) so you will be safe - at least for now... If you mean how you can find 
out if your host was trojaned please read the archived mails from today...

Cheers
Christoph

1.8.2002 14:32:22, "Naga Suresh B" <torvalds@addr.com> wrote:

>how we can findout that trojaned attacked our server or not.
--
    .-.                             Ruhr-Universitaet Bochum
    /v\    L   I   N   U   X        Lehrstuhl fuer Biophysik
   // \\  >Penguin Computing<       c/o Christoph Wegener
  /(   )\                           Gebaeude ND 04/Nord
   ^^-^^                            D-44780 Bochum, GERMANY

Tel: +49 (234) 32-25754             Fax: +49 (234) 32-14626
mailto:cwe@bph.ruhr-uni-bochum.de   http://www.bph.ruhr-uni-bochum.de





To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message