Date: Sat, 12 Jun 2004 14:39:21 +0200
From: "Peter Rosa" <prosa@pro.sk>
To: "Lupe Christoph" <lupe@lupe-christoph.de>
Cc: FreeBSD Security <freebsd-security@freebsd.org>
Subject: Re: Hacked or not ?
Message-ID: <01b701c4507a$49399840$3501a8c0@pro.sk>
References: <016301c4506e$947644e0$3501a8c0@pro.sk> <20040612114700.GA1082@lupe-christoph.de>

Yes, it runs Tripwire. There is nothing unusual in its logs. I wanted to have some sureness. That message NEVER appeared on that machine before, and chkrootkit has been running for about one year.

At the same time I found some trojans originating from web sites on another Windoze machine on my network. So I got scared if my router couldn't be hacked.

Maybe the "LKM" message was done because of some process terminated, as you wrote. It's also used as a mailserver with AV daemons, so there are such "temporary" processes.

But what about the /var/log/messages logs absence? And how to test the machine, if it is healthy?

Peter Rosa

P.S. Sorry if this is not the PROPER list, but I'm a member of a few other lists and this one seems as proper as possible for me. It's about SECURITY, isn't it?