Date:      Tue, 13 Nov 2001 18:54:52 +0100
From:      Axel Scheepers <axel@axel.truedestiny.net>
To:        John Baldwin <jhb@FreeBSD.org>
Cc:        Stefan Probst <stefan.probst@opticom.v-nam.net>, Rob Hurle <rob@coombs.anu.edu.au>, freebsd-security@FreeBSD.ORG
Subject:   Re: Adore worm
Message-ID:  <20011113185452.B19098@mars.thuis>
In-Reply-To: <XFMail.011113092233.jhb@FreeBSD.org>; from jhb@FreeBSD.org on Tue, Nov 13, 2001 at 09:22:33AM -0800
References:  <5.1.0.14.2.20011114000437.02050a70@MailServer> <XFMail.011113092233.jhb@FreeBSD.org>

Hi,
The best thing to do is to 'pull the plug' immediately (your net connection).
Back up the machine for later inspection, then reinstall FreeBSD and, if
you have a separate data backup, put that back.
Then you might put the previously made backup on a clean machine for inspection.
The usual vulnerable things like telnet, ftp etc. are a good place to start looking
for in your logs. (In case you didn't block them)
Gr,
Axel

On Tue, Nov 13, 2001 at 09:22:33AM -0800, John Baldwin wrote:
> X-Mailer: XFMail 1.4.0 on FreeBSD
> Date: Tue, 13 Nov 2001 09:22:33 -0800 (PST)
> From: John Baldwin <jhb@FreeBSD.org>
> To: Stefan Probst <stefan.probst@opticom.v-nam.net>
> Subject: RE: Adore worm
> Cc: Rob Hurle <rob@coombs.anu.edu.au>, freebsd-security@FreeBSD.ORG
> 
> 
> On 13-Nov-01 Stefan Probst wrote:
> > Good Evening,
> > 
> > sorry for newbie-posting, but I don't have too much time to sift through 
> > archives....
> > 
> > Looks like my FreeBSD 4.2 box (FreeBSD 4.2-RELEASE (GENERIC)) got hit by a 
> > worm - or infested on purpose:
> 
> It's a rootkit, and your box has been compromised.  Back up your data and
> reinstall unless someone else has a better idea.
> 
> -- 
> 
> John Baldwin <jhb@FreeBSD.org> -- http://www.FreeBSD.org/~jhb/
> "Power Users Use the Power to Serve!"  -  http://www.FreeBSD.org/
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message

-- 
Axel Scheepers
UNIX System Administrator

email: axel@axel.truedestiny.net
       ascheepers@vianetworks.nl
http://axel.truedestiny.net/~axel
------------------------------------------
"I can't complain, but sometimes I still do."
		-- Joe Walsh
------------------------------------------
