From owner-freebsd-security Thu Aug 23 3:22:29 2001 Delivered-To: freebsd-security@freebsd.org Received: from hq1.tyfon.net (hq1.tyfon.net [217.27.162.35]) by hub.freebsd.org (Postfix) with ESMTP id 2974137B408 for ; Thu, 23 Aug 2001 03:22:26 -0700 (PDT) (envelope-from dl@tyfon.net) Received: from localhost (localhost [127.0.0.1]) by hq1.tyfon.net (Postfix) with ESMTP id 03B7A1C7F0; Thu, 23 Aug 2001 12:22:19 +0200 (CEST) Received: from localhost (localhost [127.0.0.1]) by hq1.tyfon.net (Postfix) with ESMTP id 130C41C7F9; Thu, 23 Aug 2001 12:22:18 +0200 (CEST) Date: Thu, 23 Aug 2001 12:22:18 +0200 (CEST) From: Dan Larsson To: titus manea Cc: Subject: Re: Compromised system. In-Reply-To: <20010823130909.A80836@unix.edc.dnttm.ro> Message-ID: <20010823122027.P88176-100000@hq1.tyfon.net> Organization: Tyfon Svenska AB X-NCC-NIC: DL1999-RIPE X-NCC-RegID: se.tyfon MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Virus-Scanned: by hq1.tyfon.net Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org On Thu, 23 Aug 2001, titus manea wrote: | You may ls -F and then you will see ./ ../ . / | The attacker maybe did a mkdir ". "; An easy way to find out what exactly is in the directory one could use the below perl one-liner: % cd /suspiscious/directory % perl -we '$d=".";opendir(D,$d);while($_=readdir(D)){print"($_) "}closedir(D);print"\n"' | Regards +------ Dan Larsson DL1999-RIPE Tyfon Svenska AB | Tel: +46 8 550 120 21 GPG public key | finger dl@hq1.tyfon.net To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message