Date: Tue, 10 Dec 1996 18:33:29 -0800 From: obrien@NUXI.com (David E. O'Brien) To: taob@io.org (Brian Tao) Cc: freebsd-security@freebsd.org Subject: Re: URGENT: Packet sniffer found on my system Message-ID: <Mutt.19961210183329.obrien@relay.nuxi.com> In-Reply-To: <Pine.BSF.3.95.961210201448.9494A-100000@nap.io.org>; from Brian Tao on Dec 10, 1996 20:40:46 -0500 References: <Pine.LNX.3.91.961210180228.1525A-100000@janus.saturn.net> <Pine.BSF.3.95.961210201448.9494A-100000@nap.io.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Brian Tao writes:
> I did find the following three files on one of the shell servers,
> which suggests the original compromise started there:
>
> -rw-r--r-- speff/user 2363 Dec 1 17:37 1996 usr/include/net/nit_buf.h
> -rw-r--r-- speff/user 2628 Dec 1 17:37 1996 usr/include/net/nit_if.h
> -rw-r--r-- speff/user 3016 Dec 1 17:37 1996 usr/include/sys/stropts.h
Hum... these are from SunOS 4.1.3_U1:
ls -l /usr/include/net
-r--r--r-- 1 root 2363 Jan 20 1994 nit_buf.h
-r--r--r-- 1 root 2628 Jan 20 1994 nit_if.h
ls -l /usr/include/sys
-r--r--r-- 1 root 3016 Jan 20 1994 stropts.h
Hum.. wonder what he was doing with these files. I can't see where they
would be any use on a FreeBSD box.
--
-- David (obrien@cs.ucdavis.edu)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Mutt.19961210183329.obrien>