From: Mark Lastdrager
To: "Zaitsau, Andrei"
Date: Mon, 18 Dec 2000 19:58:44 +0100 (MET)
Subject: Re: Hacked computer
In-Reply-To: <054F7DAA9E54D311AD090008C74CE9BD01F1E7CB@exchange.panasonicfa.com>
Sender: owner-freebsd-net@FreeBSD.ORG

At Mon, 18 Dec 2000, owner-freebsd-net@FreeBSD.ORG wrote:

>Hello everyone,
>I have a problem, in the morning someone hacked into my computer at home. It
>is ADSL Gateway running FreeBSD 3.4, root password is changed by hacker.
>Can anyone tell where on the system I can find some tracks of a hacker?
>What should I check first?
>Which log files?
>Anyone? Please?
>Thanks.

Check this excellent document: http://www.cert.org/nav/recovering.html

And please ask your question again on the incidents mailing list
(http://www.securityfocus.com/forums/incidents/intro.html) as it's off-topic
here IMHO.

Mark Lastdrager

--
Pine Internet BV :: tel. +31-70-3111010 :: fax. +31-70-3111011
PGP 92BB81D1 fingerprint 0059 7D7B C02B 38D2 A853 2785 8C87 3AF1
Today's excuse: We'll fix that in the next (upgrade, update, patch release, service pack).

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-net" in the body of the message