Date: Tue, 10 Dec 1996 18:33:29 -0800 From: obrien@NUXI.com (David E. O'Brien) To: taob@io.org (Brian Tao) Cc: freebsd-security@freebsd.org Subject: Re: URGENT: Packet sniffer found on my system Message-ID: <Mutt.19961210183329.obrien@relay.nuxi.com> In-Reply-To: <Pine.BSF.3.95.961210201448.9494A-100000@nap.io.org>; from Brian Tao on Dec 10, 1996 20:40:46 -0500 References: <Pine.LNX.3.91.961210180228.1525A-100000@janus.saturn.net> <Pine.BSF.3.95.961210201448.9494A-100000@nap.io.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Brian Tao writes: > I did find the following three files on one of the shell servers, > which suggests the original compromise started there: > > -rw-r--r-- speff/user 2363 Dec 1 17:37 1996 usr/include/net/nit_buf.h > -rw-r--r-- speff/user 2628 Dec 1 17:37 1996 usr/include/net/nit_if.h > -rw-r--r-- speff/user 3016 Dec 1 17:37 1996 usr/include/sys/stropts.h Hum... these are from SunOS 4.1.3_U1: ls -l /usr/include/net -r--r--r-- 1 root 2363 Jan 20 1994 nit_buf.h -r--r--r-- 1 root 2628 Jan 20 1994 nit_if.h ls -l /usr/include/sys -r--r--r-- 1 root 3016 Jan 20 1994 stropts.h Hum.. wonder what he was doing with these files. I can't see where they would be any use on a FreeBSD box. -- -- David (obrien@cs.ucdavis.edu)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Mutt.19961210183329.obrien>