Strange file appeared in my home directory

Daniela dgw at liwest.at
Thu Oct 28 12:12:39 PDT 2004


I noticed a file called "regs" in my home directory (which is 21 megs in size) 
and I have no clue where it comes from. The file format is not recognized by 
any of the common tools. The creation date was about four days ago, so if I 
created it, I would have remembered.
I looked at the file with a hex editor and it seems to consist of lots of 
four-byte values which look like addresses on the stack of an application.

About half an hour before the creation date there were numerous failed login 
attempts on the SSH port (all from the same IP), but my logs didn't show any 
signs of an intrusion.
However, I suspect that I've been hacked. There was another strange occurrence: 
Yesterday my internet connection went down without a particular reason.
I tested a few other configurations and rebooted multiple times, and after the 
fifth reboot (with the usual settings restored) it suddenly worked again.
There seem to be no unusual processes running, but when I'm hacked, I can't 
trust the tools on my system any more. Also there were quite a few crashes.

Has anyone seen this file too?
In case anyone wants to know, the offending IP was 200.84.78.83.

Regards,
Daniela



More information about the freebsd-questions mailing list