Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 13 Apr 2004 23:18:35 -0700
From:      Kris Kennaway <>
To:        dave <>
Subject:   Re: have i been hacked?
Message-ID:  <>
In-Reply-To: <000001c421de$6c67ba10$0200a8c0@satellite>
References:  <000001c421de$6c67ba10$0200a8c0@satellite>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help

Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline

On Wed, Apr 14, 2004 at 12:51:06AM -0400, dave wrote:
> Hello,
>     Wondering if a system on my network has been hacked? At approx 12:30
> this evening the hard disk went crazy, i have been out of town lately and
> have not checked any of the machines, when i did the CPU usage was at 15%
> which on this machine it never gets above 1 maybe 1.5. So i looked, and i
> had nearly 150 processes on the box, 9 running. When i got the daily run
> output i noticed the setuid files have changed. Wondering if this box got
> hacked and if so where to look to confirm this? And if so, what to do?
> Thanks.
> Dave.

This is what you'd expect if someone did a 'make world' on that box -
are you sure there were no other admins online who might have rebuilt
or updated it?  If so, then something stranger is going on.


Content-Type: application/pgp-signature
Content-Disposition: inline

Version: GnuPG v1.2.4 (FreeBSD)



Want to link to this message? Use this URL: <>