From owner-freebsd-security Sun Aug 19 23:15:33 2001 Delivered-To: freebsd-security@freebsd.org Received: from thunder.shellsandhosting.com (shellsandhosting.com [64.39.176.9]) by hub.freebsd.org (Postfix) with ESMTP id A4D4637B401 for ; Sun, 19 Aug 2001 23:15:28 -0700 (PDT) (envelope-from admin@shellsandhosting.com) Received: from critter (critter [10.0.0.2]) by thunder.shellsandhosting.com (8.11.5/8.11.3) with SMTP id f7K6FOh77681; Mon, 20 Aug 2001 06:15:24 GMT (envelope-from admin@shellsandhosting.com) Message-ID: <000901c1293f$6af67620$0200000a@critter> From: "ShellsAndHosting.com Administration" To: "Chris BeHanna" Cc: References: Subject: Re: Rooted Date: Mon, 20 Aug 2001 02:14:43 -0400 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4522.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org Hi, Install /usr/ports/secuity/chkrootkit, run it an see what you come up with before anything. Regards, Jason admin@shellsandhosting.com ----- Original Message ----- From: "Chris BeHanna" To: Sent: Sunday, August 19, 2001 10:38 PM Subject: Re: Rooted > On Sun, 19 Aug 2001, Rami AlZaid wrote: > > > At 12:26 AM 8/19/2001, you wrote: > > >You may also be backdoored; if you weren't running something like tripwire > > >to catch changes in your system files, you may want to go ahead and > > >re-install FreeBSD entirely. May not be necessary, but it shouldn't hurt. > > > > Would deleting /usr/src, cvsuping all the source, making world and > > replacing all the files in /usr/local/etc and /etc remove the > > backdoors? or is it necessary to wipe the hard disk and install > > everything all over again? > > Are you certain that gcc wasn't backdoored, or install, or > what-have-you? > > That's one reason among many that you need to wipe the disk and > start over, then install tripwire and chkrootkit the next time around. > > -- > Chris BeHanna > Software Engineer (Remove "bogus" before responding.) > behanna@bogus.zbzoom.net > I was raised by a pack of wild corn dogs. > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message