From: Rasputin
To: Ralph Huntington
Cc: security@freebsd.org
Subject: Re: SubSeven trojan horse
Date: Fri, 2 Nov 2001 11:31:10 +0000

* Ralph Huntington [011102 11:15]:
> One of our FreeBSD 4.2-RELEASE machines is accused by mynetwatchman.com of
> launching a SubSeven trojan horse attack. However, I do not find anything
> odd about this machine.
>
> Is this even possible? I thought SubSeven was a Windows thing. Can it be
> launched from BSD? Thanks. - Ralph

Do you proxy for any Windows boxes? If so, check your logs.
If not, one of the users on the box may be playing with nessus
or a portscanner, or just telnetting out on the right port
to trigger firewalls.

--
"I don't like spinach, and I'm glad I don't, because if I liked it I'd eat it,
and I just hate it."
		-- Clarence Darrow
Rasputin :: Jack of All Trades - Master of Nuns ::