Subject: Re: System compromised?
To: Jeff Wyman <wysoft@broncoii.org>
From: roberto <roberto@redix.it>
List: netbsd-help
Date: 09/11/2004 23:13:07
> I logged into my 1.6.2 system today, and noticed a couple things that I
> thought were too strange to be coincidence. First of all, in the ftpd
> xferlog, there are at 89 instances of this activity, which was obviously
> some sort of connection

Can you check the 2004-08-17 New Security Advisory?
( at http://www.netbsd.org/Changes/#sa-040817 )
Does it fit your configuration?

Anyway, if you want to check your system you must verify all the involved
files (kernel, executables, ...). On a freshly installed system you should
take the md5 sum of all system files and store the resulting list in a
separate, safe place. If you do not have this list I can suggest this to you
(maybe it is not the best):
   - create from scratch a copy of the (maybe) compromised system on
     another PC; then take the md5 sum of all the files you need;
   - take the md5 sum of the files of the compromised system;
   - compare the md5 sum lists: if they are identical, no system file
     was modified.

N.B.:
 - when you take the md5 sums of the compromised system, you must boot from
   another trusted PC, mount the compromised hd and then calculate the md5;

 - in this way you can check only the system files installed by NetBSD; you
   cannot check user data files.

Hope this will help,
Regards
Roberto
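The baseline-and-compare procedure described in the reply above, as an added example that is not part of the original thread: a POSIX shell script that builds an MD5 manifest of a file tree (run once on the clean copy, once on the suspect disk mounted read-only from trusted media) and reports added, missing and modified files. It assumes `find`, `awk` and either GNU `md5sum` or BSD `md5`; the mount points and file names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original thread: MD5 manifest of a system tree
# compared against a baseline taken from a clean install of the same release.
# Assumes a POSIX sh with find/awk and either md5sum (GNU) or md5 (BSD).

hash_file() {
    # Print only the hex digest, whichever md5 tool this host has.
    if command -v md5sum >/dev/null 2>&1; then
        md5sum -- "$1" | cut -d' ' -f1
    else
        md5 -q -- "$1"
    fi
}

# make_manifest ROOT OUT: one "digest<TAB>path" line per regular file under
# ROOT, with paths relative to ROOT, so the clean copy and the suspect disk
# (e.g. mounted read-only under /mnt from trusted media) give comparable lists.
make_manifest() {
    root=$1
    out=$2
    ( cd "$root" && find . -type f -print | LC_ALL=C sort |
      while IFS= read -r f; do
          printf '%s\t%s\n' "$(hash_file "$f")" "${f#./}"
      done ) > "$out"
}

# compare_manifests BASELINE SUSPECT: print ADDED / MISSING / MODIFIED paths.
# Exit status 0 means every file matches the baseline, 1 otherwise.
# Only files present on the clean install are meaningful: user data and
# anything else not in the baseline simply shows up as ADDED.
compare_manifests() {
    awk -F'\t' '
        NR == FNR      { base[$2] = $1; next }            # load baseline (must be non-empty)
        !($2 in base)  { print "ADDED    " $2; bad++; next }
        base[$2] != $1 { print "MODIFIED " $2; bad++ }
                       { delete base[$2] }
        END {
            for (p in base) { print "MISSING  " p; bad++ }
            exit (bad > 0)
        }
    ' "$1" "$2"
}
```

Typical use: `make_manifest /mnt suspect.md5` on the suspect disk, `make_manifest / clean.md5` on the freshly built copy, then `compare_manifests clean.md5 suspect.md5`; any MODIFIED entry under a system directory is a file that differs from the clean install.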