Need urgent help regarding security
Paul Schmehl
pauls at utdallas.edu
Thu Nov 17 16:43:21 GMT 2005
--On Wednesday, November 16, 2005 20:29:55 -0500 Steve Bertrand
<iaccounts at ibctech.ca> wrote:
>
>> I think we have a serious problem. One of our old servers
>> running FreeBSD 4.9 has been compromised and is now
>> connected to an ircd server.
>> 195.204.1.132.6667 ESTABLISHED
>
> Ran into this recently. Please post the entire output from:
>
> # top
> # w
> # last
> # ps -aux
> # uname -a
>
Just keep in mind that any or all of these could be hacked versions
designed to hide everything the attacker is doing.
Once a box has been hacked, you can no longer trust any of the binaries
unless you can verify their integrity with MD5 sums from the same binaries
on a known good box.
Paul Schmehl (pauls at utdallas.edu)
Adjunct Information Security Officer
University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/ir/security/
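
Added example, not part of the original message: one way to do the checksum comparison described above, building an MD5 manifest on a known good box and checking the suspect box's binaries against it. The function names and the sample files are constructed for illustration, and the sketch assumes the hashing runs from a trusted environment (for example the suspect disk mounted from known good boot media), since a replaced md5 binary on the compromised box could report anything.

```python
import hashlib
import os
import tempfile

def md5_of(path, chunk=65536):
    """Return the hex MD5 digest of a file, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(root, names):
    """On the known good box: map each relative path to its MD5."""
    return {n: md5_of(os.path.join(root, n)) for n in names}

def compare(manifest, suspect_root):
    """Check the suspect tree against the known good manifest.
    Returns {relative path: 'ok' | 'MISMATCH' | 'MISSING'}."""
    result = {}
    for name, good in sorted(manifest.items()):
        path = os.path.join(suspect_root, name)
        if not os.path.isfile(path):
            result[name] = "MISSING"    # a deleted tool is also a finding
        elif md5_of(path) == good:
            result[name] = "ok"
        else:
            result[name] = "MISMATCH"   # binary differs from the good copy
    return result

def demo():
    """Constructed sample: two temp trees stand in for the two boxes."""
    with tempfile.TemporaryDirectory() as good, tempfile.TemporaryDirectory() as bad:
        for name, data in (("ps", b"ps-v1"), ("w", b"w-v1"), ("top", b"top-v1")):
            with open(os.path.join(good, name), "wb") as f:
                f.write(data)
        # Suspect box: ps replaced, w untouched, top deleted.
        with open(os.path.join(bad, "ps"), "wb") as f:
            f.write(b"ps-trojaned")
        with open(os.path.join(bad, "w"), "wb") as f:
            f.write(b"w-v1")
        manifest = build_manifest(good, ["ps", "w", "top"])
        return compare(manifest, bad)

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{status:9} {name}")
```

The known good box has to run the same release and patch level as the suspect one, otherwise legitimate binaries will show up as mismatches.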