Site Navigation

Date:      Thu, 7 Feb 2002 20:40:16 +0000
From:      hh <hh@dsgx.org>
To:        "Melo" <melo@reklai.com>
Cc:        questions@freebsd.org
Subject:   Re: 4.4-RELEASE-p7 FreeBSD 4.4-RELEASE-p7 problems
Message-ID:  <20020207204016.4966eaf2.hh@dsgx.org>
In-Reply-To: <054901c1b03e$39c61bb0$13c8c8c8@reklai.com>
References:  <20020207200606.2514059d.hh@dsgx.org> <054901c1b03e$39c61bb0$13c8c8c8@reklai.com>

---

next in thread | previous in thread | raw e-mail | index | archive | help

---

i don't think so my kernel didn't installed 100% .. thought i had to make -k ..
force it .. any packet should be missing do u know which one ? maybe to turn this on ?

On Fri, 8 Feb 2002 10:16:24 +0900
"Melo" <melo@reklai.com> wrote:

> Box has been compromised, check for Trojans
> 
> Cd /usr/ports/security/chkrootkit
> Make
> Make install
> /usr/local/sbin/chkrootkit
> 
> this will just find any rootkits installed
> 
> 
> 
> -----Original Message-----
> From: owner-freebsd-questions@FreeBSD.ORG
> [mailto:owner-freebsd-questions@FreeBSD.ORG] On Behalf Of hh
> Sent: Friday, February 08, 2002 5:06 AM
> To: questions@FreeBSD.ORG
> Cc: freebsd-security@FreeBSD.ORG
> Subject: 4.4-RELEASE-p7 FreeBSD 4.4-RELEASE-p7 problems
> 
> razordea eggdrop-  1743   14 ?      ?                     ?
> 
> poker    eggdrop-  1732    3 ?      ?                     ?
> 
> poker    eggdrop-  1732    5 ?      ?                     ?
> 
> poker    eggdrop-  1729    3 ?      ?                     ?
> 
> poker    eggdrop-  1729    5 ?      ?                     ?
> 
> penhao   eggdrop-  1706    3 ?      ?                     ?
> 
> penhao   eggdrop-  1706    4 ?      ?                     ?
> 
> penhao   eggdrop-  1706    6 ?      ?                     ?
> 
> penhao   eggdrop-  1704    3 ?      ?                     ?
> 
> penhao   eggdrop-  1704    4 ?      ?                     ?             
> 
> some# netstat -na |more
> Active UNIX domain sockets
> Address  Type   Recv-Q Send-Q    Inode     Conn     Refs  Nextref Addr
> d9bc8d00 stream      0      0        0 d9bc8280        0        0
> /tmp/mysql.soc
> k
> d9bc8280 stream      0      0        0 d9bc8d00        0        0
> d9bc8d80 stream      0      0        0 d9bc8580        0        0
> /tmp/mysql.soc
> k
> d9bc8580 stream      0      0        0 d9bc8d80        0        0
> 
> what's going on ? i can't see who's connect from anywhere to anywhere ..
> i have an
>  4.4-RELEASE-p7 FreeBSD 4.4-RELEASE-p7
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 
> 
> ______________________________________
> Certified Virus Free Email
> http://www.reklai.com
> 
> 

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

---

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020207204016.4966eaf2.hh>

Legal Notices | © 1995-2024 The FreeBSD Project. All rights reserved.

Contact