Date: Sat, 22 Aug 1998 00:04:40 -0500 From: George Vagner <vagner@vagner.com> To: djv@bedford.net Cc: Laszlo Vagner <vagner@mutsgo.kf7nn.com>, questions@FreeBSD.ORG Subject: Re: wierd Message-ID: <35DE5168.8DF53FD@vagner.com> References: <199808220214.WAA05785@lucy.bedford.net>
next in thread | previous in thread | raw e-mail | index | archive | help
there was no access to the console other than myself ever. how could someone install a root kit without root access. CyberPeasant wrote: > > Laszlo Vagner wrote: > > what could this be? > > > > i understand the first 2 failed attempts to login but > > a login from my own machine??? localhost? with 00's and not OO's > > > > > > > > Aug 20 23:04:28 mutsgo login: 1 LOGIN FAILURE FROM er4.rutgers.edu > > Aug 20 23:04:28 mutsgo login: 1 LOGIN FAILURE FROM er4.rutgers.edu, kk7ax > > Aug 20 23:10:37 mutsgo login: 2 LOGIN FAILURES FROM localhost > > Aug 20 23:10:37 mutsgo login: 2 LOGIN FAILURES FROM localhost, r00t > > > > Somebody's messing with you. > > I bet a script kid got in between 23:04 and 23:10, installed a bogus > root kit, and tried to login as r00t. This is a common h4x0r misspelling. > > time for an audit. > > Dave > -- > Confutatis maledictis, flammis acribus addictis. > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?35DE5168.8DF53FD>