Date: Thu, 23 Aug 2001 10:34:12 -0400 From: "Mike" <wacky@blinx.net> To: <security@freebsd.org>, "Stefanos Kiakas" <stefanos@e-scape.net> Subject: Re: Compromised system. Message-ID: <00c701c12be0$ae04bfa0$0700a8c0@com.home.com> References: <200108231554.LAA96346@corp.e-scape.net>
next in thread | previous in thread | raw e-mail | index | archive | help
Try doing, cd "./" or "." or "/." one of those. ----- Original Message ----- From: "Stefanos Kiakas" <stefanos@e-scape.net> To: <security@freebsd.org> Sent: Thursday, August 23, 2001 11:54 AM Subject: Compromised system. > > Hello, > > I was recently investigating a systems that may > be compromised. The reason I say this is because of the > following entries in the output of the ps -ax command. > > PID TT STAT TIME COMMAND > 0 ?? DLs 0:04.35 (swapper) > 1 ?? ILs 0:00.07 /sbin/init -- > 48474 ?? S 0:00.00 ./klogd > 79612 ?? I 0:00.00 ./klogd > 79613 ?? S 25:46.29 ./klogd > 79623 ?? D 901:01.50 ./init 45 1103527590.log > > > And the /tmp directory contains 2 . entries with approximately > 92M in the second one. > > 123# cd /tmp > 123# ls -al > total 23 > drwxrwxrwt 3 root wheel 512 Aug 23 16:39 . > drwxr-xr-x 2 root wheel 512 Aug 3 11:48 . > drwxr-xr-x 20 root wheel 512 Apr 4 04:46 .. > > How do I access the second . directory to see what > is in it? I have tried everything I can thing of but > I cannot list any of the contents. > > Please cc me at stefanos@e-scape.net. > > Thank you, > > Stefanos Kiakas > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?00c701c12be0$ae04bfa0$0700a8c0>