From: "Gerald T. Freymann"
To: "Alexander V P"
Cc: "Questions"
Subject: RE: Hacker history file - OUCH
Date: Mon, 18 Dec 2000 15:37:20 -0500

|O|> do you keep/have logs about what ftp transfers he did?

No. We don't log much of the FTP activity at all.

|O|> did you send mail to root@he.net, or .mx domain?

Yes to the he.net domain, the .mx is next (I had to run out on a service call!)

|O|> any idea how he break in?

None. I'm about to run Tripwire. I haven't run it in a long while. Should be interesting. Someone was on the machine last year and they like to use the "amanda" user for some reason.

|O|> what freebsd you're using?

This is an older box. FreeBSD 2.2.5. I'm working on a replacement box right now actually, going to FreeBSD 4.1.2 with RAID1. Guess I should get hopping.

-Gerry