Date: Mon, 19 Feb 2001 13:20:29 -0800 From: Alfred Perlstein <bright@wintelcom.net> To: Andy Kim <andy@internetesl.com> Cc: freebsd-security@FreeBSD.ORG Subject: Re: ICMP floods Message-ID: <20010219132029.P6641@fw.wintelcom.net> In-Reply-To: <007901c09ab9$77d5c720$7300a8c0@DOMAIN>; from andy@internetesl.com on Mon, Feb 19, 2001 at 01:18:12PM -0800 References: <007901c09ab9$77d5c720$7300a8c0@DOMAIN>
next in thread | previous in thread | raw e-mail | index | archive | help
* Andy Kim <andy@internetesl.com> [010219 13:18] wrote: > Some of the servers have been getting hit several times with ICMP > floods from our FreeBSD server and we can't figure out why. They > believe that someone had hacked in and put a trojan on our box. > Is there any way of finding out what's going on and more importantly, > how to fix the problem? Any help would be greatly appreciated as > I am rather new to FreeBSD. First off, please wrap lines at 70 characters. As far as "recovering" this machine, your best bet is to do a backup of all the _data_ (NOT executables) on the mahcine, ie, html, or whatever, then do a complete reinstall. Otherwise you risk a backdoor remaining in the system and wasting even more of your time and reasources. -- -Alfred Perlstein - [bright@wintelcom.net|alfred@freebsd.org] "I have the heart of a child; I keep it in a jar on my desk." To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010219132029.P6641>