Date:      Tue, 10 Dec 1996 21:05:53 -0500 (EST)
From:      Brian Tao <taob@io.org>
To:        Dev Chanchani <dev@trifecta.com>
Cc:        FREEBSD-SECURITY-L <freebsd-security@freebsd.org>
Subject:   Re: URGENT: Packet sniffer found on my system
Message-ID:  <Pine.BSF.3.95.961210204050.9494B-100000@nap.io.org>
In-Reply-To: <Pine.BSF.3.91.961210162340.10896L-100000@www.trifecta.com>

On Tue, 10 Dec 1996, Dev Chanchani wrote:
> 
> Okay, 	
> ..so.. you found a sniffer from a rootkit package..
> ....<drum roll>
> ...... you're rootkit'ed.

    I found none of the trojans or other telltale signs of rootkit on
the compromised systems.  The user's home directory didn't have any of
the source files left when I checked, just the sniffit binary.  I'm
familiar with the rootkit distribution, and none of it (besides the
packet sniffer) appears to have been installed here.

> Expire all the passwords and re-install all the system binaries and 
> hopefully he will go away.

    All staff have been notified to cycle their passwords.  What to do
with the user base is an entirely different matter...
--
Brian Tao (BT300, taob@io.org, taob@ican.net)
Senior Systems and Network Administrator, Internet Canada Corp.
"Though this be madness, yet there is method in't"



