Date: Thu, 27 Aug 1998 05:18:10 -0700 (PDT)
From: "Timothy R. Platt" <tplatt@nethampton.com>
To: Nicholas Charles Brawn <ncb05@uow.edu.au>
Cc: security@FreeBSD.ORG
Subject: Re: post breakin log
Message-ID: <v04003a00b20ac5baa348@[204.141.112.245]>
In-Reply-To: <Pine.SOL.4.02A.9808271729290.11785-100000@banshee.cs.uow.edu.au>
References: <199808270538.BAA01341@armitage.cylatech.com>
>On Thu, 27 Aug 1998, Wilson MacGyver wrote:
>
>> Hi guys,
>>
>> My FreeBSD box got hacked about two days ago... yes yes, via the popper.
>> I reinstalled the system, but saved the log. I was looking through to
>> see what he has done. There is some stuff you may find interesting...
>>
>> the log from history follows.
>>
>> From the log, it seems he is very knowledgeable about FreeBSD.
>> though I must admit, I don't get why he makes the /dev/sync.
>> also, I don't know what the deal with the bnc* stuff

bnc, or bounce, allows people to bounce irc sessions off your server.. ie
they sit at home with their mirc running, connect to your machine which
relays to an irc server.. thus producing your.compromised.server.com as
their hostname on irc.

Funny thing is, if you have any decent logging, you can log their IP.

Tim

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
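
Added example, not part of the original message or thread: one way to recover the address of a client using such a relay from connection logs, by pairing each outbound connection from the server to an IRC port with the inbound connections that arrived just before it. The log format, the addresses, LOCAL_IP, the port range and the 10-second window are all assumptions made for this sketch.

```python
from datetime import datetime, timedelta

LOCAL_IP = "192.0.2.10"            # assumed address of the affected server
IRC_PORTS = range(6660, 6670)      # assumed set of IRC server ports
WINDOW = timedelta(seconds=10)     # assumed max gap between client connect and relay

# Constructed sample log: "<timestamp> <src_ip:port> -> <dst_ip:port>"
SAMPLE_LOG = """\
1998-08-25T02:10:04 198.51.100.23:1042 -> 192.0.2.10:110
1998-08-25T03:14:07 203.0.113.77:1029 -> 192.0.2.10:9000
1998-08-25T03:14:09 192.0.2.10:1101 -> 198.51.100.5:6667
1998-08-25T04:00:00 192.0.2.10:1102 -> 198.51.100.80:25
"""

def parse(line):
    """Split one log line into (time, src_ip, src_port, dst_ip, dst_port)."""
    ts, src, _, dst = line.split()
    sip, sport = src.rsplit(":", 1)
    dip, dport = dst.rsplit(":", 1)
    return datetime.fromisoformat(ts), sip, int(sport), dip, int(dport)

def find_relayed_clients(log_text):
    """Return (client_ip, listen_port, irc_server, irc_port) for each
    outbound IRC connection preceded by an inbound one within WINDOW."""
    events = [parse(l) for l in log_text.splitlines() if l.strip()]
    inbound = [e for e in events if e[3] == LOCAL_IP]
    findings = []
    for ts, sip, _, dip, dport in events:
        # Only connections the server itself opened to an IRC port matter.
        if sip != LOCAL_IP or dport not in IRC_PORTS:
            continue
        for in_ts, client_ip, _, _, listen_port in inbound:
            if timedelta(0) <= ts - in_ts <= WINDOW:
                findings.append((client_ip, listen_port, dip, dport))
    return findings

if __name__ == "__main__":
    for client, port, server, sport in find_relayed_clients(SAMPLE_LOG):
        print(f"{client} -> local port {port} relayed to {server}:{sport}")
```

On a busy host the time window will also match unrelated inbound connections, so treat each result as a lead to confirm against the listening port of the relay process.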