Date: Thu, 14 Nov 1996 16:57:35 +0100 (MET) From: Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de> To: froden@bigblue.no Cc: questions@FreeBSD.org Subject: Re: Hackers? Message-ID: <199611141557.QAA08936@gilberto.physik.rwth-aachen.de> In-Reply-To: <199611141447.PAA02691@login.bigblue.no> from Frode Nordahl at "Nov 14, 96 03:47:56 pm"
next in thread | previous in thread | raw e-mail | index | archive | help
> Last night, one of our FreeBSD 2.1.5 machines rebooted. There is no entry of it in the messages file, but the lastlog says this > > xxx ttyp0 xxxx Thu Nov 14 02:11 - 02:13 (00:01) > reboot ~ Thu Nov 14 02:01 > xxxx ttyp7 xxxxxxxxx Thu Nov 14 00:36 - 00:44 (00:07) > > (Usernames and hostnames of the entry above/under are scratched out...) I assume that *you* scratched out the usernames in your posting rather than the presumed hacker in the wtmp file :-) /etc/daily starts (normally) at 2 o'clock a.m. so I assume it has been some system flakyness (hardware) that caused your system to reboot. I've seen reboots as well sometimes which were not initiated by a user and were not flagged as crash. > > As you can see, no one was logged on at the time. The messages file has noe entries of the activity other than the kernel > startupmessages. > > Can a FreeBSD box do this of itself if it gets into trouble? Memory fault, disk fault or something like that? Or do we have reason > to believe this is hacker activity? > > In any case, what should we do?? > > --Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199611141557.QAA08936>