Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 18 Oct 2001 16:44:02 +0000
From:      jslivko@4evermail.com <jslivko@4evermail.com>
To:        <kstewart@owt.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: I got hacked, I think
Message-ID:  <20011018204256.9B25637B403@hub.freebsd.org>
next in thread | raw e-mail | index | archive | help 
Not to mention there is a new release out, 4.4 :)
-- Jonathan

--- Kent Stewart <kstewart@owt.com> wrote:
> 
> 
> Tomek wrote:
> > 
> > I found out more info.
> > 
> > -rw-r--r--   1 Broot  wheel       54 Sep 26 10:24 /inetd.conf
> > -rw-r--r--   1 Broot  wheel    85857 Sep 26 21:38 /sudo-
1.6.3.7_1.tgz
> > -rw-------  1 Broot  wheel      4869 Sep 26 10:25 /etc/inetd.conf
> > 
> > Checking the bizarre /inetd.conf is shocking:
> > eklogin stream  tcp     nowait  root    /bin/sh sh -i
> > 
> > I take it that "sh" would not even request a login or anything if 
called
> > directly from inetd.conf, would it? I am sitting here, he is STILL
> > pinging me and watching the system (even tried to ftp again a few
> > minutes ago), and for the life of me I can't figure out where it 
all
> > began... who did he even login in the first time, maybe it was 
some
> > buffer overflow or something.... yuck.
> 
> It began because you were using 4.3-release and you probably didn't 
fix
> the security problems. There were several buffer overflow problems 
for
> daemons that have been published for 4.3-r. The only solution in 
case of
> a hacked has been to do a wipe and reinstall.
> 
> Kent
> 
> > 
> > TY for all your help guys, you are all wonderful! I will leave 
you in
> > peace now (I hope). I still dont know about Broot though...
> > 
> > To Unsubscribe: send mail to majordomo@FreeBSD.org
> > with "unsubscribe freebsd-questions" in the body of the message
> 
> -- 
> Kent Stewart
> Richland, WA
> http://users.owt.com/kstewart
> 
> Carl Sagan quote on Seti@home
> http://setiathome.ssl.berkeley.edu/pale_blue_dot.html
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-questions" in the body of the message
> 



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20011018204256.9B25637B403>