Re: Hacked or not ?

From: Peter Rosa (prosa_at_pro.sk)
Date: 06/12/04

    To: "Lupe Christoph" <lupe@lupe-christoph.de>
    Date: Sat, 12 Jun 2004 14:39:21 +0200
    
    

    Yes, it runs Tripwire. There is nothing unusual in its logs.

    I wanted to have some sureness. That message NEVER appeared on that machine
    before and chkrootkit has been running for about one year. At the same time I found
    some trojans originating from web sites on another Windoze machine on my
    network. So I got scared if my router couldn't be hacked.

    Maybe the "LKM" message was done because some process terminated, as you
    wrote. It's also used as a mailserver with AV daemons, so there are such
    "temporary" processes.

    But what about the /var/log/messages logs absence?
    And, how to test the machine, if it is healthy?

    Peter Rosa

    P.S. Sorry if this is not the PROPER list, but I'm a member of a few other
    lists and this one seems as proper as possible for me. It's about SECURITY,
    isn't it?

    _______________________________________________
    freebsd-security@freebsd.org mailing list

