Date:      Mon, 12 Feb 2001 18:27:05 -0600
From:      David Kelly <dkelly@hiwaay.net>
To:        "R . Munden" <orbitmaster@netorbit.com>
Cc:        freebsd-questions@FreeBSD.ORG
Subject:   Re: looks like the hackers found me 
Message-ID:  <200102130027.f1D0R5N17494@grumpy.dyndns.org>
In-Reply-To: Message from "R . Munden" <orbitmaster@netorbit.com>  of "Mon, 12 Feb 2001 04:35:56 CST." <20010212043556.K2340@ripper> 

"R . Munden" writes:
> It was a vulnerable version, I'm up to the new 8.x as of about three hours
> ago.  What made me think it was a hacker was the fact that the pipe was
> filling up with UDP packets.  I could have been named acting funky because
> of a bad disk.  It's almost time for the work day to start here, I'll run
> an fsck after the morning phone calls have stopped.  Any pointers on
> troubleshooting disk sub-system errors?

If you have been holed then there is only one way to deal with it. Pull
the network wire. Boot to the Live Filesystem CDROM. Write a backup tape
of what you think is important. Trash all the fs's and start over.

Later when dealing with the backup go slowly and very carefully and 
verify everything is what you think it is. Meaning "read your source 
code", as that's the only way you can tell the jerk didn't leave a 
landmine behind which will let him back in again.

Do not restore any executable binaries from the backup and be wary of 
everything else.


--
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
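
The rule above about not restoring executables from the backup can be applied mechanically to a backup unpacked into a staging directory on the rebuilt system. The following is an added example, not part of the original message; the staging layout and the function names `classify` and `triage` are assumptions. Files it holds back are reinstalled from known-good media instead, and everything it leaves in the review list still has to be read by hand.

```python
import os
import stat

ELF_MAGIC = b"\x7fELF"

def classify(path):
    """Return the reasons a file should be held back from restore (empty = review by hand)."""
    st = os.lstat(path)                      # lstat: never follow links out of the staging tree
    if stat.S_ISLNK(st.st_mode):
        return ["symlink"]
    if not stat.S_ISREG(st.st_mode):
        return ["special-file"]              # devices, FIFOs, sockets
    reasons = []
    if st.st_mode & (stat.S_ISUID | stat.S_ISGID):
        reasons.append("setuid/setgid")
    if st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
        reasons.append("exec-bit")
    # Check content too: a binary or script stays runnable after a chmod,
    # so a cleared exec bit does not make it data.
    with open(path, "rb") as fh:
        head = fh.read(4)
    if head == ELF_MAGIC:
        reasons.append("elf-binary")
    elif head[:2] == b"#!":
        reasons.append("script")
    return reasons

def triage(staging_root):
    """Walk the staging tree; return (hold_back, review).

    hold_back maps relative path -> reasons; review is the sorted list of
    remaining files, which are not trusted, only not obviously executable.
    """
    hold_back, review = {}, []
    for dirpath, dirnames, filenames in os.walk(staging_root):
        # Symlinks to directories show up in dirnames and are not descended into.
        links = [d for d in dirnames if os.path.islink(os.path.join(dirpath, d))]
        for name in filenames + links:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, staging_root)
            reasons = classify(full)
            if reasons:
                hold_back[rel] = reasons
            else:
                review.append(rel)
    return hold_back, sorted(review)
```
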



