Subject: Re: HELP! someone is in my NetBSD box!
To: Niels S.Eliasen <nse@ruc.dk>
From: Joe Laffey <joe@laffeycomputer.com>
List: port-macppc
Date: 04/08/2004 14:51:24
On Thu, 8 Apr 2004, Niels S.Eliasen wrote:

> Someone is in my NetBSD box.......
> Password file is busy.....
> How do I get this creep out ?

Step one, unplug the ethernet immediately.

Then see how much damage is done. The ONLY 100% safe bet is to completely
reinstall.

If you have tripwire hashes of all system binaries and everything looks ok
then you can be 98% sure it is ok. Otherwise re-install. Bad guys do evil
things like modify w, ps, the kernel, netstat, etc. to hide themselves
(including faking the date on those files).

Good luck,


--
Joe Laffey              |  Want to convert subnet masks between different
LAFFEY Computer Imaging |  notations, or figure the number of IPs in a block?
St. Louis, MO           |  Whatmask - It's FREE (GPL) - NEW Version 1.2!
USA                     |  http://www.laffeycomputer.com/wm.html
------------------------------------------------------------------------------
Mail here will be rejected  -----> "Sigfried Trap" <s_trap@laffeycomputer.com>
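
The point above about Tripwire hashes and faked file dates, as an added example (not part of the original message, and not Tripwire itself): a minimal SHA-256 baseline comparison over a constructed temporary directory, showing that a replaced file whose size and timestamp were restored still fails the hash check. It assumes the baseline was recorded before the compromise and is kept and checked from media the intruder could not modify; the file names and helper functions are illustrative.

```python
import hashlib
import os
import tempfile

def sha256_file(path):
    """Hash a file in chunks so large binaries need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    baseline = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                baseline[os.path.relpath(full, root)] = sha256_file(full)
    return baseline

def compare(root, baseline):
    """Return (changed, missing, added) relative paths versus the baseline."""
    current = build_baseline(root)
    changed = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    added = sorted(p for p in current if p not in baseline)
    return changed, missing, added

def demo():
    """Constructed sample: a stand-in 'ps' is replaced, then its mtime is restored."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("ps", "w", "netstat"):
            with open(os.path.join(root, name), "wb") as f:
                f.write(b"original " + name.encode())
        baseline = build_baseline(root)  # in practice: recorded earlier, kept offline
        target = os.path.join(root, "ps")
        before = os.stat(target)
        with open(target, "wb") as f:
            f.write(b"trojaned ps")  # same length as the original content
        os.utime(target, ns=(before.st_atime_ns, before.st_mtime_ns))  # faked date
        after = os.stat(target)
        same_meta = after.st_mtime_ns == before.st_mtime_ns and after.st_size == before.st_size
        with open(os.path.join(root, "unexpected"), "wb") as f:
            f.write(b"file not in baseline")
        return same_meta, compare(root, baseline)

if __name__ == "__main__":
    print(demo())
```

A size-and-date check would pass the replaced file here; only the content hash flags it.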