[plug] Compromised
Oliver White
ojw at iinet.net.au
Sun Oct 1 00:18:28 WST 2000
Bernard Blackham wrote:
> Hmmm, pull the network card on it? or the modem? if that's plausable.
Hehe, then I wouldn't be able to get your helpful emails. :-)
> How's you're firewall?
I have none.
> Change root password. If they're logged in as a shell, type w to see who
> exactly is logged on. It should give you something like (this is from
> mine):
>
No problem there.
> As to see what they've done, perhaps browse through the .bash_history file
> in /root/ if it's there. Anything more advanced is out of my league,
> unless you have tripwire or something similar installed.
Again... nothing.
> Hope this helps,
It certainly does. This really is quite surreal....
nmap shows nothing nasty open...
syslog has nothing nasty in it...
But 3 times tonight my IRC client has 'ghost typed' <cyanide> I hope you fall
in a big pit
Now while this is normal conversation for me, granted, I'm almost certain I
didn't type it, unless I've got some rather odd mental problem. (entirely
possible)
Anyway... all very odd.
Gnite.
--
Oliver White
More information about the plug
mailing list