Howdy all?

Seems that I have been routed. Possibly by a physical B&E, but who knows? Probably some of you do.... anyways, some politically sensitive email was deleted from a user account and the line low -tr & inserted into my .xinitrc.

Duncan (Dhu) Campbell

Hi,

And now what? [ You are unclear to me ]

Well, you could use a Security Toolkit Distribution from Knoppix, called knoppix-std
And do some research with that.

Hope this helps you a little,

And sorry to hear that your system is compromised, hang on, take care, and if we can help...

--
Kind regards,
Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene
mrtg.grunn.org Dutch mirror of MRTG

-----Original Message-----
From: freebsd-security-bounces@lists.elvandar.org [mailto:freebsd-security-bounces@lists.elvandar.org] On Behalf Of Duncan Campbell
Sent: Sunday 15 February 2004 23:45
To: freebsd-security@freebsd.org
Subject: [Freebsd-security] Rooted system

Howdy all?

Seems that I have been routed. Possibly by a physical B&E, but who knows? Probably some of you do.... anyways, some politically sensitive email was deleted from a user account and the line low -tr & inserted into my .xinitrc.

Duncan (Dhu) Campbell

How d'you do, Remko?

There's not much I can do. This has happened several times before and I've made some pointed comments about BSD security which might be so useful, given that I now believe these intrusions have been physically initiated.

I'm reporting this mostly as a public caveat, but also as an apology to honest folks here who might have been offended.

Thanks for the pointer to knoppix. I take it this is a bootable CD system with good security tool ... having a look now.

Dhu

How d'you do, Remko?

There's not much I can do. This has happened several times before and I've made some pointed comments about BSD security which might be so useful, given that I now believe these NOT intrusions have been physically initiated.

I'm reporting this mostly as a public caveat, but also as an apology to honest folks here who might have been offended.

Thanks for the pointer to knoppix. I take it this is a bootable CD system with good security tool ... having a look now.

Dhu

Hi, I am fine thanks, I hope you do too.

Knoppix is indeed a Live-CD, with those security tools onboard (The std version)

Well, I hope everything will work out alright for you.

cheers

--
Kind regards,
Remko Lodder
Elvandar.org/DSINet.org
www.mostly-harmless.nl Dutch community for helping newcomers on the hackerscene
mrtg.grunn.org Dutch mirror of MRTG

-----Original Message-----
From: Duncan Campbell [mailto:campbell@tagish.taiga.ca]
Sent: Monday 16 February 2004 2:58
To: campbell@tagish.taiga.ca; freebsd-security@freebsd.org; remko@elvandar.org
Subject: RE: [Freebsd-security] Rooted system

How d'you do, Remko?

There's not much I can do. This has happened several times before and I've made some pointed comments about BSD security which might be so useful, given that I now believe these NOT intrusions have been physically initiated.

I'm reporting this mostly as a public caveat, but also as an apology to honest folks here who might have been offended.

Thanks for the pointer to knoppix. I take it this is a bootable CD system with good security tool ... having a look now.

Dhu

On Mon, Feb 16, 2004 at 09:12:20AM +0100, Remko Lodder wrote:
> Knoppix is indeed a Live-CD, with those security tools onboard (The std
> version)

Try the security/chkrootkit port, or even sysutils/tct.

I fail to see how the suggestion of Knoppix is relevant to FreeBSD security, given that post-mortem and auditing procedures for that Linux distribution would be different.

BMS

On Mon, Feb 16, 2004 at 12:00:52PM -0800, freebsd-security-request@freebsd.org wrote:
> Date: Mon, 16 Feb 2004 01:20:23 +0100
> From: "Remko Lodder" <remko@elvandar.org>
> Subject: RE: [Freebsd-security] Rooted system
> To: "Duncan Campbell" <campbell@tagish.taiga.ca>,
> <freebsd-security@freebsd.org>
> Message-ID: <20040216001944.306A92B4D6C@mail.evilcoder.org>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi,
>
>
> And now what? [ You are unclear to me ]
>
> Well, you could use a Security Toolkit Distribution from Knoppix, called
> knoppix-std
> And do some research with that.

More generic forensic help (less Linux-specific) might come from the "Coroner's Toolkit" from the team of Wietse Venema and Dan Farmer (SATAN et al., and also TCPwrap and Postfix in the case of Wietse.) It's supposed to be pretty cross-platform with BSD support.

<http://www.porcupine.org/forensics/tct.html>

Sounds like it might already be a bit late to do deep forensics on the system but maybe better late than never.

> Hope this helps you a little,
>
> And sorry to hear that your system is compromised, hang on, take care, and
> if we can
> help...

Sorry to hear it also. I assume, since you've been active on this list, your system was fully patched, up-to-date with all FreeBSD security notices? Any particular nonstandard ports or services running on this system?

-- Clifton

--
Clifton Royston -- cliftonr@tikitechnologies.com
Tiki Technologies Lead Programmer/Software Architect

Did you ever fly a kite in bed? Did you ever walk with ten cats on your head? Did you ever milk this kind of cow? Well we can do it. We know how. If you never did, you should. These things are fun, and fun is good.
-- Dr. Seuss