have i been hacked?
Kris Kennaway
kris at obsecurity.org
Tue Apr 13 23:18:38 PDT 2004
On Wed, Apr 14, 2004 at 12:51:06AM -0400, dave wrote:
> Hello,
> Wondering if a system on my network has been hacked? At approx 12:30
> this evening the hard disk went crazy, i have been out of town lately and
> have not checked any of the machines, when i did the CPU usage was at 15%
> which on this machine it never gets above 1 maybe 1.5. So i looked, and i
> had nearly 150 processes on the box, 9 running. When i got the daily run
> output i noticed the setuid files have changed. Wondering if this box got
> hacked and if so where to look to confirm this? And if so, what to do?
> Thanks.
> Dave.
This is what you'd expect if someone did a 'make world' on that box -
are you sure there were no other admins online who might have rebuilt
or updated it? If so, then something stranger is going on.
Kris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20040413/bb499987/attachment.bin
More information about the freebsd-questions
mailing list