RE: [Freebsd-security] Re: Possible compromise ?

From: Remko Lodder (remko_at_elvandar.org)
Date: 01/27/04

  • Next message: Peter Rosa: "Re: Possible compromise ?"
    To: "Mark Ogden" <ogden@eng.utah.edu>, "Peter Rosa" <prosa@pro.sk>
    Date: Tue, 27 Jan 2004 21:42:06 +0100
    
    

    That only works when you are presuming that the host was not hacked already,
    because I would clear those logs when I hacked a system :)

    But indeed it's worth a try.

    If you remain unsure, it is best to reinstall the system to be sure that a
    fresh and newly updated (yeah, update it when installed :)) system is not
    compromised at that time..

    Loads of work, but it gives you some relief to know that it's clean.

    Good luck!

    --
    Kind regards,
    Remko Lodder
    Elvandar.org/DSINet.org
    www.mostly-harmless.nl Dutch community for helping newcomers on the
    hacker scene
    -----Original message-----
    From: freebsd-security-bounces@lists.elvandar.org
    [mailto:freebsd-security-bounces@lists.elvandar.org] On behalf of Mark Ogden
    Sent: Tuesday, 27 January 2004 21:28
    To: Peter Rosa
    CC: freebsd-security@freebsd.org
    Subject: [Freebsd-security] Re: Possible compromise ?
    Peter Rosa on Tue, Jan 27, 2004 at 09:23:45PM +0100 wrote:
    > OK, sorry for the unclear previous message.
    >
    > In the past, one man taught me the FreeBSD basics and also installed my
    > gateway. At that time, I was not able to install and set up FreeBSD by
    > myself. He left some holes there - e.g. open virtual consoles, unset
    > firewall, etc. As time went on, I learned a lot about Unixes and FreeBSD
    > and I tried to set up my own firewall, install and set up some programs
    > (with big help from this and the Questions lists, manpages and other books).
    >
    > When I tried to set up more security on that system, among other things, I
    > disabled all virtual ttys, because there is no need to connect to this
    > machine remotely (it's located 5 steps from my desk). In the past, that
    > man connected to my system remotely from various IPs.
    >
    > Now, when I cat /var/log/lastlog, at the very bottom of the file, I can
    > read some connects from remote machines to ttyp0 and ttyp1.
    Take a look at /var/log/auth.log; it will show you everyone that
    connected remotely and was denied.
    -Mark
    > It's impossible for me to retrieve connection dates from that file. Of
    > course, I read man last, man wtmp, etc., but there is nothing about the
    > /var/log/lastlog file.
    >
    > Maybe those lines were added in the deep past, when the machine was open.
    > But maybe it was done in the few previous days...
    >
    > I know, if my machine was compromised, it is impossible to believe in
    > anything on that machine (also kernel, sources). So, are there some other
    > ways to get information about connection dates?
    >
    > Peter Rosa
    >
    > _______________________________________________
    > freebsd-security@freebsd.org mailing list
    > http://lists.freebsd.org/mailman/listinfo/freebsd-security
    > To unsubscribe, send any mail to
    "freebsd-security-unsubscribe@freebsd.org"
    _______________________________________________
    freebsd-security@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-security
    To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
    _______________________________________________
    Freebsd-security mailing list
    Freebsd-security@lists.elvandar.org
    http://lists.elvandar.org/mailman/listinfo/freebsd-security
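Peter's problem is that `cat` on /var/log/lastlog shows only the printable tty and host strings, not the timestamps, because lastlog is a binary file of fixed-size records indexed by uid. The script below is an added example, not code from the thread or from FreeBSD itself. It decodes that file and then does what Mark suggests: it checks each remote login recorded in lastlog against the sshd lines in auth.log, so a remote login with no matching "Accepted" line stands out. The record layout is assumed to be the FreeBSD 4.x i386 one from `<utmp.h>` (32-bit little-endian `time_t`, `UT_LINESIZE` 8, `UT_HOSTSIZE` 16; later FreeBSD releases use utmpx instead); the uid-to-name map, the lastlog image and the auth.log lines are all constructed sample data. As Remko notes above, none of this proves anything if the intruder has already cleaned the logs; it only tells you what the logs that survived say.

```python
import re
import struct
from datetime import datetime, timezone

# Assumed record layout: FreeBSD 4.x i386 <utmp.h>, struct lastlog =
# { time_t ll_time; char ll_line[UT_LINESIZE]; char ll_host[UT_HOSTSIZE]; }
# with a 32-bit little-endian time_t. Check your own <utmp.h> before relying on it.
UT_LINESIZE = 8
UT_HOSTSIZE = 16
LASTLOG_FMT = "<I%ds%ds" % (UT_LINESIZE, UT_HOSTSIZE)
LASTLOG_SIZE = struct.calcsize(LASTLOG_FMT)  # 28 bytes per record


def _cstr(raw):
    """Decode a NUL-padded fixed-width C string field."""
    return raw.split(b"\0", 1)[0].decode("ascii", "replace")


def parse_lastlog(data, passwd=None):
    """Return one dict per non-empty record. The record index is the uid, so the
    file is a sparse array; all-zero records belong to uids that never logged in."""
    passwd = passwd or {}
    entries = []
    for uid in range(len(data) // LASTLOG_SIZE):
        t, line, host = struct.unpack_from(LASTLOG_FMT, data, uid * LASTLOG_SIZE)
        if t == 0:
            continue
        entries.append({
            "uid": uid,
            "user": passwd.get(uid, "uid%d" % uid),
            "time": datetime.fromtimestamp(t, timezone.utc),
            "line": _cstr(line),
            "host": _cstr(host),
        })
    return entries


# OpenSSH "Accepted/Failed METHOD for [illegal|invalid user] NAME from HOST port N"
AUTH_RE = re.compile(
    r"^(?P<stamp>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:illegal user |invalid user )?(?P<user>\S+) from (?P<host>\S+) port \d+"
)


def scan_auth_log(lines):
    """Extract sshd authentication results from syslog-style auth.log lines."""
    return [m.groupdict() for m in map(AUTH_RE.match, lines) if m]


def correlate(entries, events):
    """For every remote lastlog entry, check whether auth.log holds an sshd
    'Accepted' line for the same user and source host. A remote login with no
    such line means the log was rotated, cleared, or the login did not come
    through sshd, and deserves a closer look."""
    accepted = {(e["user"], e["host"]) for e in events if e["result"] == "Accepted"}
    report = []
    for ent in entries:
        if not ent["host"]:
            continue  # local console login; nothing remote to corroborate
        report.append({
            "user": ent["user"],
            "host": ent["host"],
            "line": ent["line"],
            "time": ent["time"].strftime("%Y-%m-%d %H:%M:%S UTC"),
            "corroborated": (ent["user"], ent["host"]) in accepted,
        })
    return report


# --- Constructed sample data (not taken from the original thread) ------------
SAMPLE_PASSWD = {0: "root", 1001: "prosa", 1002: "helper"}
SAMPLE_RECORDS = {  # uid: (epoch seconds UTC, tty line, remote host)
    0:    (1075190400, "ttyv0", ""),            # 2004-01-27 08:00:00, console
    1001: (1075237113, "ttyp0", "10.0.0.5"),    # 2004-01-27 20:58:33, remote
    1002: (1075237390, "ttyp1", "192.0.2.44"),  # 2004-01-27 21:03:10, remote
}
SAMPLE_AUTH_LOG = [
    "Jan 27 20:58:33 gw sshd[1234]: Accepted password for prosa from 10.0.0.5 port 4321 ssh2",
    "Jan 27 21:01:02 gw sshd[1240]: Failed password for illegal user admin from 192.0.2.44 port 3333 ssh2",
    "Jan 27 21:02:45 gw sshd[1241]: Failed password for root from 192.0.2.44 port 3340 ssh2",
]


def build_sample_lastlog(records):
    """Construct a lastlog image from {uid: (epoch, line, host)} (sample data only)."""
    buf = bytearray((max(records) + 1) * LASTLOG_SIZE)
    for uid, (t, line, host) in records.items():
        struct.pack_into(LASTLOG_FMT, buf, uid * LASTLOG_SIZE,
                         t, line.encode(), host.encode())
    return bytes(buf)


if __name__ == "__main__":
    # Real use: data = open("/var/log/lastlog", "rb").read(), names via pwd.getpwall()
    entries = parse_lastlog(build_sample_lastlog(SAMPLE_RECORDS), SAMPLE_PASSWD)
    for r in correlate(entries, scan_auth_log(SAMPLE_AUTH_LOG)):
        flag = "ok" if r["corroborated"] else "NO MATCHING sshd ACCEPT LINE"
        print("%(time)s %(user)-8s %(line)-6s %(host)-16s" % r, flag)
```

On the sample data the prosa login from 10.0.0.5 is corroborated by an `Accepted` line, while the ttyp1 login from 192.0.2.44 has only failed attempts in auth.log and is flagged. On a real box, read the file with the machine's own `<utmp.h>` sizes, and remember that the timestamps are only as trustworthy as the host they came from.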
    
