Date: Fri, 27 Dec 1996 15:23:08 -0500 (EST) From: Snob Art Genre <benedict@echonyc.com> To: dwhite@resnet.uoregon.edu Cc: Matthew Hagerty <matthew@internet1.net>, questions@freebsd.org Subject: Re: Init missing Message-ID: <Pine.SOL.3.91.961227152237.29948C-100000@echonyc.com> In-Reply-To: <Pine.BSI.3.94.961226151610.248B-100000@localhost>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, 26 Dec 1996, Doug White wrote: > On Thu, 26 Dec 1996, Matthew Hagerty wrote: > > > Greetings, > > > > It seems one of my FreeBSD boxes was hacked :( When I came in this > > morning, the screen on my 2.1.6 box was scrolling messages similar to > > this: > > > > Dec 25 02:08:50 ns1 statd[150]: attempt to create > [stuff] > > > > Does anyone know what kind of attack this is and what I should be > > looking for and how to prevent it in the future? Also, when I try to > > boot my FreeBSD box, I get an error: > > > > init not found. > > panic. > > reboot in progress... > > > > Is there any way I can start the system or mount the file systems to > > see what was damaged and/or recover any files? > > I don't know whether this was a hackup or a severe statd failure. > > If init died then most likely your /bin directory is corrupted; you'll > have to try reinstalling. Just MOUNT your filesystems instead of NEWFSing > them, and install the bin distribution again. You'll probably have to > rebuild your kernel as it'll be overwritten. > > You shouldn't lose any data if you do the install properly. Wouldn't he lose /etc? Can he boot from a boot disk first and back up /etc? > Other suggestions welcome. > > Doug White | University of Oregon > Internet: dwhite@resnet.uoregon.edu | Residence Networking Assistant > http://gladstone.uoregon.edu/~dwhite | Computer Science Major > > Ben
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SOL.3.91.961227152237.29948C-100000>