Hacked?

Blaine Kahle goatee at binary.net
Sun May 11 11:03:23 PDT 2003


On Fri, May 09, 2003 at 11:01:21AM -0600, Brett Glass wrote:
> At 08:25 AM 5/9/2003, Bjoern A. Zeeb wrote:
> 
> >this assumes that truss is ok ;-) perhaps take the truss from your
> >other 4.7 machine ...
> 
> Yes, you do have to be careful of this. I recently investigated a
> machine that had been "owned," and when truss was applied to some
> commands (e.g. netstat) it produced no output.

I'm showing that truss'ing netstat produces no output on several
versions of FreeBSD that I have installed. Is this correct behavior? The
truss and netstat binaries both check out when compared to the listings
at http://www.knowngoods.org/

-- 
Blaine Kahle
blaine at binary.net
0x178AA0E0

