Strange file appeared in my home directory
dgw at liwest.at
Thu Oct 28 12:12:39 PDT 2004
I noticed a file called "regs" in my home directory (which is 21 megs in size)
and I have no clue where it comes from. The file format is not recognized by
any of the common tools. The creation date was about four days ago, so if I
created it, I would have remembered.

I looked at the file with the hex editor and it seems to consist of lots of
four-byte values which look like addresses on the stack of an application.

About half an hour before the creation date there were numerous failed login
attempts on the SSH port (all from the same IP), but my logs didn't show any
signs of an intrusion.

However, I suspect that I've been hacked. There was another strange occurrence:
Yesterday my internet connection went down without a particular reason.
I tested a few other configurations and rebooted multiple times, and after the
fifth reboot (with the usual settings restored) it suddenly worked again.

There seem to be no unusual processes running, but when I'm hacked, I can't
trust the tools on my system any more. Also there were quite a few crashes.

Has anyone seen this file too?

In case anyone wants to know, the offending IP was 188.8.131.52.