Date: Mon, 12 Feb 2001 02:14:17 -0800
From: Kris Kennaway
To: "R . Munden"
Cc: freebsd-questions@freebsd.org
Subject: Re: looks like the hackers found me

On Mon, Feb 12, 2001 at 03:22:22AM -0600, R . Munden wrote:

> ..what do you think? I was having a lot of problems with BIND earlier
> today and yesterday.

What version of BIND are you running? If it's not a vulnerable one (see Security Advisory 01:18), then I doubt it was this :-)

> On 2001.02.12 01:59:06 -0600 Charlie Root wrote:
> checking setuid files and devices:
> Bus error - core dumped
> Bus error - core dumped
> Bus error - core dumped
> Bus error - core dumped
> cmp: EOF on /var/run/_secure.11658

Check /var/log/messages to see what was actually dumping core. The find(1) job didn't complete, which is why the list below shows a whole lot of files "disappearing" and not being replaced by anything (i.e. the list of files it was comparing to was empty).

> < 109319 -r-xr-sr-x 1 root operator 56964 Sep 25 19:01:23 2000 /bin/df
> < 109332 -r-sr-xr-x 1 root wheel 319336 Sep 25 19:06:43 2000 /bin/rcp
> < 54669 -r-xr-sr-x 1 root kmem 62800 Sep 25 19:02:38 2000 /sbin/ccdconfig

...

Kris
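
The failure mode described in the reply above, as an added example that is not part of the original message and is not the FreeBSD periodic script: a setuid comparison that refuses to diff when the scan itself died, so a crashed find(1) is reported as a failed scan rather than as every file "disappearing". The names scan_setuid, check_setuid and SCANNER are hypothetical.

```shell
#!/bin/sh
# Added example; scan_setuid, check_setuid and SCANNER are hypothetical names.

# Print every setuid or setgid regular file under $1, one path per line.
scan_setuid() {
    find "$1" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print
}

# Scanner command; overridable so a crashing scan can be simulated.
SCANNER=${SCANNER:-scan_setuid}

# check_setuid ROOT BASELINE
#   0: current list matches BASELINE
#   1: real differences, printed as "< removed" / "> added" lines
#   2: scan failed; BASELINE untouched and nothing reported as removed
check_setuid() {
    cs_root=$1 cs_base=$2 cs_status=0 cs_rc=0
    cs_raw=$(mktemp) && cs_cur=$(mktemp) || return 2
    "$SCANNER" "$cs_root" > "$cs_raw" || cs_status=$?
    if [ "$cs_status" -ne 0 ]; then
        # A scanner killed by a signal (such as a bus error) exits above 128
        # and leaves a truncated or empty list. Diffing that against the
        # baseline is what makes every file look like it disappeared.
        echo "setuid scan failed (exit $cs_status); comparison skipped" >&2
        rm -f "$cs_raw" "$cs_cur"
        return 2
    fi
    sort "$cs_raw" > "$cs_cur"
    if [ -f "$cs_base" ] && cmp -s "$cs_base" "$cs_cur"; then
        cs_rc=0
    else
        [ -f "$cs_base" ] || : > "$cs_base"
        diff "$cs_base" "$cs_cur" | grep '^[<>]' || true
        cp "$cs_cur" "$cs_base"    # roll the baseline only after a good scan
        cs_rc=1
    fi
    rm -f "$cs_raw" "$cs_cur"
    return "$cs_rc"
}
```

A return value of 2 still needs following up: as the reply says, the system log shows which program was actually dumping core.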