Date:      Thu, 14 Nov 1996 16:57:35 +0100 (MET)
From:      Christoph Kukulies <kuku@gilberto.physik.rwth-aachen.de>
To:        froden@bigblue.no
Cc:        questions@FreeBSD.org
Subject:   Re: Hackers?
Message-ID:  <199611141557.QAA08936@gilberto.physik.rwth-aachen.de>
In-Reply-To: <199611141447.PAA02691@login.bigblue.no> from Frode Nordahl at "Nov 14, 96 03:47:56 pm"

> Last night, one of our FreeBSD 2.1.5 machines rebooted.  There is no entry of it in the messages file, but the lastlog says this
> 
> xxx       ttyp0    xxxx            Thu Nov 14 02:11 - 02:13  (00:01)
> reboot    ~                         Thu Nov 14 02:01
> xxxx     ttyp7    xxxxxxxxx Thu Nov 14 00:36 - 00:44  (00:07)
> 
> (Usernames and hostnames of the entry above/under are scratched out...)

I assume that *you* scratched out the usernames in your posting rather than 
the presumed hacker in the wtmp file :-)

/etc/daily starts (normally) at 2 o'clock a.m. so I assume it has
been some system flakiness (hardware) that caused your system to reboot.
I've seen reboots as well sometimes which were not initiated by a user
and were not flagged as crash.


> 
> As you can see, no one was logged on at the time.  The messages file has no entries of the activity other than the kernel 
> startup messages.
> 
> Can a FreeBSD box do this of itself if it gets into trouble?  Memory fault, disk fault or something like that?  Or do we have reason 
> to believe this is hacker activity?
> 
> In any case, what should we do??
> 
> 

--Chris Christoph P. U. Kukulies kuku@gil.physik.rwth-aachen.de


