Date: Wed, 18 Apr 2001 21:24:19 -0600 (MDT)
From: "David G. Andersen" <dga@pobox.com>
To: kris@obsecurity.org (Kris Kennaway)
Cc: fukuda@alles.ad.jp (fukuda shinichi), freebsd-security@FreeBSD.ORG
Subject: Re: unknown process
Message-ID: <200104190324.VAA14081@faith.cs.utah.edu>
In-Reply-To: <20010418200223.A42227@xor.obsecurity.org> from "Kris Kennaway" at Apr 18, 2001 08:02:23 PM

There was an analysis of this posted to ISN today:

http://www.securityfocus.com/templates/archive.pike?list=12&mid=177354

You've been hacked. Do what Kris said immediately - take your system
offline, and figure out how they got in. You'll likely need to either
restore from backups, a fresh install, or check your tripwire/etc logs
to determine what else the intruder changed, if they installed a
rootkit, etc.

  -Dave

Lo and behold, Kris Kennaway once said:
> On Thu, Apr 19, 2001 at 11:41:00AM +0900, fukuda shinichi wrote:
> > Hi.
> >
> > I found unknown process name "carko" today.
> > This binary find in /usr/share/man/mansps/ddos ,
> > and i never made such dir like ddos !! (created Apr 18 18:59).
> >
> > Is anyone know about this "carko" ?
> > And very weird name "ddos" ... please help me.
>
> Take your system off the net and check it for signs of intrusion.
>
> Kris

--
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
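
The check described in this message, narrowed to the man-page tree where the reporter found `carko`, as an added example that is not part of the original thread: it lists top-level directories that are not man sections, files carrying an execute bit, and files modified after a cutoff. The function names, the section-name pattern and the mount path in the usage comment are assumptions; run it from trusted media against a mounted copy of the disk, since a rootkit may have replaced the host's own tools.

```sh
#!/bin/sh
# Added example (not from the original thread): triage a man-page tree for
# entries that do not belong there.

# Assumption: section directories are named manN or catN (N = 1-9 or n).
# Locale directories (e.g. ja/) are also listed and need manual review.
# Hidden directories are included via the .[!.]* pattern.
unexpected_man_dirs() {
    for d in "$1"/* "$1"/.[!.]*; do
        [ -d "$d" ] || continue
        case ${d##*/} in
            man[1-9n]|cat[1-9n]) ;;
            *) printf '%s\n' "$d" ;;
        esac
    done
}

# Man pages are plain data; any regular file with an execute bit is suspect.
executables_in_tree() {
    find "$1" -type f \( -perm -100 -o -perm -010 -o -perm -001 \) -print
}

# Regular files modified after a cutoff, given in touch -t form CCYYMMDDhhmm.
# Timestamps can be forged, so treat a clean result as weak evidence only.
files_newer_than() {
    ref=$(mktemp) || return 1
    touch -t "$2" "$ref"
    find "$1" -type f -newer "$ref" -print
    rm -f "$ref"
}

# Usage (hypothetical mount point): sh triage.sh /mnt/suspect/usr/share/man 200104180000
if [ "$#" -eq 2 ]; then
    echo "== unexpected directories"; unexpected_man_dirs "$1"
    echo "== executable files";       executables_in_tree "$1"
    echo "== files newer than $2";    files_newer_than "$1" "$2"
fi
```

Anything it reports is a lead for the wider comparison against backups or an integrity database, not a complete list of what the intruder changed.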