Date:      Thu, 28 Oct 2004 21:13:34 +0000
From:      Daniela <dgw@liwest.at>
To:        questions@freebsd.org
Subject:   Strange file appeared in my home directory
Message-ID:  <200410282113.34529.dgw@liwest.at>

I noticed a file called "regs" in my home directory (which is 21 megs in size) 
and I have no clue where it comes from. The file format is not recognized by 
any of the common tools. The creation date was about four days ago, so if I 
created it, I would have remembered.
I looked at the file with the hex editor and it seems to consist of lots of 
four-byte values which look like addresses on the stack of an application.

About half an hour before the creation date there were numerous failed login 
attempts on the SSH port (all from the same IP), but my logs didn't show any 
signs of an intrusion.
However, I suspect that I've been hacked. There was another strange occurrence: 
Yesterday my internet connection went down without a particular reason.
I tested a few other configurations and rebooted multiple times, and after the 
fifth reboot (with the usual settings restored) it suddenly worked again.
There seem to be no unusual processes running, but when I'm hacked, I can't 
trust the tools on my system any more. Also there were quite a few crashes.

Has anyone seen this file too?
In case anyone wants to know, the offending IP was 200.84.78.83.

Regards,
Daniela


