From owner-freebsd-questions  Mon Feb 12 16:27:18 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from grumpy.dyndns.org (user-24-214-56-129.knology.net [24.214.56.129])
	by hub.freebsd.org (Postfix) with ESMTP id 7182937B65D
	for ; Mon, 12 Feb 2001 16:27:14 -0800 (PST)
Received: from localhost (localhost [127.0.0.1])
	by grumpy.dyndns.org (8.11.1/8.11.1) with ESMTP id f1D0R5N17494;
	Mon, 12 Feb 2001 18:27:09 -0600 (CST)
	(envelope-from dkelly@grumpy.dyndns.org)
Message-Id: <200102130027.f1D0R5N17494@grumpy.dyndns.org>
X-Mailer: exmh version 2.3.1 01/18/2001 with nmh-1.0.4
To: "R . Munden"
Cc: freebsd-questions@FreeBSD.ORG
From: David Kelly
Subject: Re: looks like the hackers found me
In-reply-to: Message from "R . Munden" of "Mon, 12 Feb 2001 04:35:56 CST." <20010212043556.K2340@ripper>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Mon, 12 Feb 2001 18:27:05 -0600
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

"R . Munden" writes:
> It was a vulnerable version, I'm up to the new 8.x as of about three hours
> ago. What made me think it was a hacker was the fact that the pipe was
> filling up with UDP packets. It could have been named acting funky because
> of a bad disk. It's almost time for the work day to start here, I'll run
> an fsck after the morning phone calls have stopped. Any pointers on
> troubleshooting disk sub-system errors?

If you have been holed then there is only one way to deal with it. Pull
the network wire. Boot to the Live Filesystem CDROM. Write a backup tape
of what you think is important. Trash all the fs's and start over.

Later when dealing with the backup go slowly and very carefully and
verify everything is what you think it is. Meaning "read your source
code", as that's the only way you can tell the jerk didn't leave a
landmine behind which will let him back in again. Do not restore any
executable binaries from the backup and be wary of everything else.
-- 
David Kelly N4HHE, dkelly@hiwaay.net
=====================================================================
The human mind ordinarily operates at only ten percent of its
capacity -- the rest is overhead for the operating system.
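The rebuild-and-restore step in the reply above (restore no executable binaries, be wary of everything else) is easy to state and easy to get wrong with a blanket `tar x` over the new system. The script below is an added example, not code from the message or from FreeBSD: it assumes the backup tape has first been unpacked into a staging directory on the rebuilt host, lists every file in that tree that would be executed rather than merely read (setuid/setgid files, anything with an execute bit, login dotfiles) so each can be inspected or simply left behind, and copies only plain data files. The staging tree it builds for the demonstration is constructed here and is not real backup content.

```shell
#!/bin/sh
# Added example (not from the original message): triage a backup that has been
# unpacked into a staging directory before anything is copied onto a rebuilt
# host. Flagged files are listed for review; only plain data is copied.
# The sample staging tree built by make_sample_tree is constructed for the demo.

# List flagged files under $1, one per line as "<TAG> <path>".
# Tags: SETID (setuid/setgid), EXEC (any execute bit), DOTFILE (run at login).
triage_tree() {
    dir="$1"
    find "$dir" -type f \( -perm -4000 -o -perm -2000 \) -print |
        while IFS= read -r f; do printf 'SETID %s\n' "$f"; done
    find "$dir" -type f ! -perm -4000 ! -perm -2000 \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print |
        while IFS= read -r f; do printf 'EXEC %s\n' "$f"; done
    find "$dir" -type f -name '.*' ! -perm -4000 ! -perm -2000 \
        ! -perm -100 ! -perm -010 ! -perm -001 -print |
        while IFS= read -r f; do printf 'DOTFILE %s\n' "$f"; done
}

# Number of entries carrying tag $2 under $1 (prints 0 when there are none).
count_flagged() {
    n=$(triage_tree "$1" | grep -c "^$2 " || true)
    echo "${n:-0}"
}

# Copy from staging $1 into $2 only regular files that have no execute or
# set-id bit and are not dotfiles; everything else stays in staging for review.
# Prints the number of files copied. Plain files still deserve a read (a copied
# passwd or rc file is exactly the "everything else" the reply warns about).
restore_data_only() {
    src="$1"; dst="$2"
    find "$src" -type f ! -name '.*' ! -perm -4000 ! -perm -2000 \
        ! -perm -100 ! -perm -010 ! -perm -001 -print |
    while IFS= read -r f; do
        rel="${f#"$src"/}"
        mkdir -p "$dst/$(dirname "$rel")"
        cp -p "$f" "$dst/$rel"
    done
    find "$dst" -type f | wc -l | tr -d ' '
}

# Constructed sample staging tree for the demo: one data file, one login
# dotfile, one shell script, one setuid file, one passwd-style config file.
make_sample_tree() {
    root=$(mktemp -d)
    mkdir -p "$root/home/user" "$root/usr/local/bin" "$root/etc"
    printf 'meeting notes\n' > "$root/home/user/notes.txt"
    printf 'alias ls ls -F\n' > "$root/home/user/.cshrc"
    printf '#!/bin/sh\necho hello\n' > "$root/usr/local/bin/helper.sh"
    chmod 755 "$root/usr/local/bin/helper.sh"
    printf 'not really a binary\n' > "$root/usr/local/bin/su-copy"
    chmod 4755 "$root/usr/local/bin/su-copy"
    printf 'root:*:0:0:Charlie &:/root:/bin/csh\n' > "$root/etc/master.passwd"
    echo "$root"
}

main() {
    stage=$(make_sample_tree)
    dest=$(mktemp -d)
    echo "== flagged for review in $stage =="
    triage_tree "$stage"
    echo "== copied $(restore_data_only "$stage" "$dest") plain file(s) into $dest =="
    rm -rf "$stage" "$dest"
}

main "$@"
```

On the constructed tree the triage prints one SETID entry (the setuid copy), one EXEC entry (the shell script) and one DOTFILE entry (`.cshrc`), and only the two plain files reach the destination. On a real restore the flagged list is the reading list: a setuid binary or an executable that was not on the original install media is the landmine the reply describes, and it never goes back onto the rebuilt host from tape.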