Re: Hacked or not ?
From: Peter Rosa (prosa_at_pro.sk)
Date: 06/12/04
- Previous message: jon.mercer_at_achean.com: "Re: Hacked or not ?"
- In reply to: Lupe Christoph: "Re: Hacked or not ?"
- Next in thread: Alex Povolotsky: "Re: Hacked or not ?"
- Reply: Alex Povolotsky: "Re: Hacked or not ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "Lupe Christoph" <lupe@lupe-christoph.de> Date: Sat, 12 Jun 2004 14:39:21 +0200
Yes, it runs Tripwire. There is nothing unusual in it's logs.
I wanted to have some sureness. That message NEVER apeared on that machine
before and chkrootkit is running about one year. In the same time I found
some trojans originating from web sites on another Windoze machine on my
network. So I got scared if my router couldn't be hacked.
May be, the "LKM" message was done because of some process terminated as you
wrote. It's also used as a mailserver with AV daemons, so there are such
"temporary" processes.
But what about the /var/log/messages logs absence ?
And, how to test the machine, if it is healthy ?
Peter Rosa
P.S Sorry, if this is not the PROPER list, but I'm a member of few another
lists and this one seems as proper as possible for me. It's about SECURITY,
isn't it ?
_______________________________________________
freebsd-security@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
- Previous message: jon.mercer_at_achean.com: "Re: Hacked or not ?"
- In reply to: Lupe Christoph: "Re: Hacked or not ?"
- Next in thread: Alex Povolotsky: "Re: Hacked or not ?"
- Reply: Alex Povolotsky: "Re: Hacked or not ?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
