From owner-freebsd-security Thu Aug 27 04:38:29 1998
Return-Path:
Received: (from majordom@localhost)
          by hub.freebsd.org (8.8.8/8.8.8) id EAA28872
          for freebsd-security-outgoing; Thu, 27 Aug 1998 04:38:29 -0700 (PDT)
          (envelope-from owner-freebsd-security@FreeBSD.ORG)
Received: from gjp.erols.com (alex-va-n008c079.moon.jic.com [206.156.18.89])
          by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id EAA28867
          for ; Thu, 27 Aug 1998 04:38:27 -0700 (PDT)
          (envelope-from gjp@gjp.erols.com)
Received: from gjp.erols.com (gjp@localhost.erols.com [127.0.0.1])
          by gjp.erols.com (8.8.8/8.8.7) with ESMTP id HAA10513;
          Thu, 27 Aug 1998 07:36:59 -0400 (EDT)
          (envelope-from gjp@gjp.erols.com)
X-Mailer: exmh version 2.0.1 12/23/97
To: Wilson MacGyver
cc: security@FreeBSD.ORG
From: "Gary Palmer"
Subject: Re: post breakin log
In-reply-to: Your message of "Thu, 27 Aug 1998 01:38:37 EDT."
             <199808270538.BAA01341@armitage.cylatech.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Thu, 27 Aug 1998 07:36:59 -0400
Message-ID: <10509.904217819@gjp.erols.com>
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Wilson MacGyver wrote in message ID
<199808270538.BAA01341@armitage.cylatech.com>:
> From the log, it seem he is very knowledgeable about FreeBSD.
> though I must admit, I don't get why he makes the /dev/sync.
> also, I don't know what the deal with the bnc* stuff

Where better to hide something than in a directory filled with stuff no-one
looks at? And even if they did look at, then they'd never remember if it was
there or not before :)

bnc is probably a backdoor program running on a different port

Gary
--
Gary Palmer                                          FreeBSD Core Team Member
FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
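The point made in the reply above, that nobody remembers what was in /dev before, is what a stored baseline addresses. The following is an added example, not part of the original message or of any FreeBSD tool: it records the entry types under a device directory and later reports regular files, new entries, and entries whose type changed. The function names, the temporary stand-in directory, and the assumption that the dropped `sync` entry is a regular file are all constructed for illustration.

```python
import os
import stat
import tempfile

def snapshot(root):
    """Map each path under root to its file type (lstat: symlinks not followed)."""
    entries = {}
    for dirpath, dirnames, filenames in os.walk(root, followlinks=False):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            try:
                mode = os.lstat(path).st_mode
            except OSError:
                continue  # entry vanished between listing and lstat
            entries[os.path.relpath(path, root)] = stat.S_IFMT(mode)
    return entries

def audit(root, baseline):
    """Compare the current tree against a baseline taken while the host was trusted."""
    current = snapshot(root)
    # Regular files are rarely expected among device nodes.
    regular = sorted(p for p, t in current.items() if t == stat.S_IFREG)
    # Anything not in the baseline appeared after it was recorded.
    added = sorted(p for p in current if p not in baseline)
    # Same name, different type: e.g. a device node replaced by a file.
    changed = sorted(p for p in current
                     if p in baseline and baseline[p] != current[p])
    return regular, added, changed

def demo():
    # Constructed stand-in for /dev so the example runs without privileges.
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "fd"))
        os.symlink("/dev/null", os.path.join(root, "null_link"))
        baseline = snapshot(root)
        # Simulated drop: an entry named "sync" as in the thread
        # (assumed here to be a regular file).
        with open(os.path.join(root, "sync"), "w") as handle:
            handle.write("placeholder")
        return audit(root, baseline)

if __name__ == "__main__":
    regular, added, changed = demo()
    print("regular files:", regular)
    print("added since baseline:", added)
    print("type changed:", changed)
```

For real use, keep the baseline off the host being checked, since an intruder with root can rewrite a baseline stored locally.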