Date: Thu, 27 Aug 1998 12:08:41 -0700 (PDT) From: "Jan B. Koum " <jkb@best.com> To: Gary Palmer <gpalmer@FreeBSD.ORG> Cc: Wilson MacGyver <macgyver@cylatech.com>, security@FreeBSD.ORG Subject: Re: post breakin log Message-ID: <Pine.BSF.4.02A.9808271206230.20306-100000@shell6.ba.best.com> In-Reply-To: <10509.904217819@gjp.erols.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Arggh! I just remembered. Gary is correct If you download netcat it comes with some scripts, bnc is one of them. It will listen on a port and upon connect will drop you in to shell as root. Please do: # netstat -an | grep LIST and check to make sure you know what all the ports are. If I'd be you I'd re-install since who knows what you at going with crontab, at, mail aliases, etc. -- Yan www.best.com/~jkb/ Unix users of the world unite: www.{free,open,net}bsd.org | www.linux.org | www.apache.org | www.perl.com "Turn up the lights, I don't want to go home in the dark." On Thu, 27 Aug 1998, Gary Palmer wrote: >Wilson MacGyver wrote in message ID ><199808270538.BAA01341@armitage.cylatech.com>: >> From the log, it seem he is very knowledgeable about FreeBSD. >> though I must admit, I don't get why he makes the /dev/sync. >> also, I don't know what the deal with the bnc* stuff > >Where better to hide something than in a directory filled with stuff no-one >looks at? And even if they did look at, then they'd never remember if it was >there or not before :) > >bnc is probably a backdoor program running on a different port > >Gary >-- >Gary Palmer FreeBSD Core Team Member >FreeBSD: Turning PC's into workstations. See http://www.FreeBSD.ORG/ for info > > > >To Unsubscribe: send mail to majordomo@FreeBSD.org >with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.BSF.4.02A.9808271206230.20306-100000>