Date: Thu, 27 Aug 1998 12:08:41 -0700 (PDT) From: "Jan B. Koum " <jkb@best.com> To: Gary Palmer <gpalmer@FreeBSD.ORG> Cc: Wilson MacGyver <macgyver@cylatech.com>, security@FreeBSD.ORG Subject: Re: post breakin log Message-ID: <Pine.BSF.4.02A.9808271206230.20306-100000@shell6.ba.best.com> In-Reply-To: <10509.904217819@gjp.erols.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Arggh! I just remembered. Gary is correct If you download netcat
it comes with some scripts, bnc is one of them. It will listen on a port
and upon connect will drop you in to shell as root. Please do:
# netstat -an | grep LIST
and check to make sure you know what all the ports are. If I'd be you I'd
re-install since who knows what you at going with crontab, at, mail
aliases, etc.
-- Yan
www.best.com/~jkb/ Unix users of the world unite:
www.{free,open,net}bsd.org | www.linux.org | www.apache.org | www.perl.com
"Turn up the lights, I don't want to go home in the dark."
On Thu, 27 Aug 1998, Gary Palmer wrote:
>Wilson MacGyver wrote in message ID
><199808270538.BAA01341@armitage.cylatech.com>:
>> From the log, it seem he is very knowledgeable about FreeBSD.
>> though I must admit, I don't get why he makes the /dev/sync.
>> also, I don't know what the deal with the bnc* stuff
>
>Where better to hide something than in a directory filled with stuff no-one
>looks at? And even if they did look at, then they'd never remember if it was
>there or not before :)
>
>bnc is probably a backdoor program running on a different port
>
>Gary
>--
>Gary Palmer FreeBSD Core Team Member
>FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info
>
>
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message
>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02A.9808271206230.20306-100000>