Date: Fri, 9 May 2003 17:47:46 -0300 (ART) From: Fernando Gleiser <fgleiser@cactus.fi.uba.ar> To: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net> Cc: freebsd-security@freebsd.org Subject: Re: Hacked? Message-ID: <20030509173844.O50632-100000@cactus.fi.uba.ar> In-Reply-To: <Pine.BSF.4.53.0305091424480.650@e0-0.zab2.int.zabbadoz.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, 9 May 2003, Bjoern A. Zeeb wrote: > > this asumes that truss is ok ;-) perhaps take the truss from your > other 4.7 machine ... Better yet, move the disk to some off-line, clean system and mount the compromised disk there. You don't know if the rootkit messed with the system libraries or if it loaded a KLD. Or boot from CD and use the CD's binaries. Fer
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030509173844.O50632-100000>