From owner-freebsd-security@FreeBSD.ORG  Sun Jan 15 21:41:01 2006
Return-Path: <owner-freebsd-security@FreeBSD.ORG>
X-Original-To: freebsd-security@freebsd.org
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 0C30A16A41F
	for <freebsd-security@freebsd.org>;
	Sun, 15 Jan 2006 21:41:01 +0000 (GMT)
	(envelope-from dev@unixdaemon.org)
Received: from spatula.dreamhost.com (spatula.dreamhost.com [66.33.205.9])
	by mx1.FreeBSD.org (Postfix) with ESMTP id C665043D45
	for <freebsd-security@freebsd.org>;
	Sun, 15 Jan 2006 21:41:00 +0000 (GMT)
	(envelope-from dev@unixdaemon.org)
Received: from [192.168.1.100] (cpe-24-24-83-9.stny.res.rr.com [24.24.83.9])
	by spatula.dreamhost.com (Postfix) with ESMTP id EC7D57F04C;
	Sun, 15 Jan 2006 13:40:59 -0800 (PST)
From: Dev Tugnait <dev@unixdaemon.org>
To: Igor Roshchin <str@komkon.org>, freebsd-security@freebsd.org
In-Reply-To: <200601152132.k0FLW6Of097758@trantor.komkon.org>
References: <200601152132.k0FLW6Of097758@trantor.komkon.org>
Content-Type: text/plain
Date: Sun, 15 Jan 2006 16:40:57 -0500
Message-Id: <1137361258.2822.59.camel@dracula.transylvania.net>
Mime-Version: 1.0
X-Mailer: Evolution 2.4.2.1 FreeBSD GNOME Team Port 
Content-Transfer-Encoding: 7bit
Cc: 
Subject: Re: Rogue Processes
X-BeenThere: freebsd-security@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
Reply-To: dev@unixdaemon.org
List-Id: "Security issues \[members-only posting\]"
	<freebsd-security.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-security>
List-Post: <mailto:freebsd-security@freebsd.org>
List-Help: <mailto:freebsd-security-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-security>, 
	<mailto:freebsd-security-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Jan 2006 21:41:01 -0000

On Sun, 2006-01-15 at 16:32 -0500, Igor Roshchin wrote:
> Dev,
> 
> You might want to run lsof  and see if that would reveal
> any useful information. 
> 
> I would look for where 
> awt_robot file is started from, and what files/sockets/.. it is using.
> The same is for netstat (just in case it is not the one that came
> with the OS).
> I didn't use FBSD 6.0, but I don't think awt_robot is anything standard
> for this version. There is a Java program with that name out there..
> I guess, you already searched Google for it, didn't you?
> 
> HTH,
> 
> Igor

Yeah i googled it awt_robot is from java although upon googling i came
across random stuff rather than the actual answer. 

lsof | grep netstat
Exit 1


> 
> 
-- 
Dev Tugnait <dev@unixdaemon.org>