Date: Fri, 2 Nov 2001 06:41:56 -0500 (EST) From: Ralph Huntington <rjh@mohawk.net> To: Rasputin <rasputin@submonkey.net> Cc: <security@freebsd.org> Subject: Re: SubSeven trojan horse Message-ID: <20011102063909.T92627-100000@mohegan.mohawk.net> In-Reply-To: <20011102113110.A81496@shikima.mine.nu>
next in thread | previous in thread | raw e-mail | index | archive | help
> > One of our FreeBSD 4.2-RELEASE machines is accused by mynetwatchman.com of > > launching a SubSeven trogan horse attach. However, I do not find anything > > odd about this machine. > > > > Is this even possible? I thought subseven was a Windows thing. Can it be > > launched from bsd? Thanks. - Ralph > > Do you proxy for any windows boxes? If so, check your logs. If not, > one ofthe users on the box may be playing with nessus or a > portscanner, or just telnetting out on the right port to trigger > firewalls. No proxy service, no users even! Perhaps the real attacker spoofed one of our addresses. Thanks. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011102063909.T92627-100000>