Rooted system

Mon Feb 16 12:20:52 PST 2004

On Mon, Feb 16, 2004 at 12:00:52PM -0800, freebsd-security-request at freebsd.org wrote:
> Date: Mon, 16 Feb 2004 01:20:23 +0100
> From: "Remko Lodder" <remko at elvandar.org>
> Subject: RE: [Freebsd-security] Rooted system
> To: "Duncan Campbell" <campbell at tagish.taiga.ca>,
> 	<freebsd-security at freebsd.org>
> Message-ID: <20040216001944.306A92B4D6C at mail.evilcoder.org>
> Content-Type: text/plain;	charset="iso-8859-1"
> 
> Hi,
> 
> 
> And now what? [ You are unclear to me ]
> 
> Well, you could use a Security Toolkit Distribution from Knoppix, called
> knoppix-std
> And do some research with that.

  More generic forensic help (less Linux-specific) might come from the
"Coroner's Toolkit" from the team of Wietse Venema and Dan Farmer
(SATAN et al., and also TCPwrap and Postfix in the case of Wietse.)
It's supposed to be pretty cross-platform with BSD support. 

  <http://www.porcupine.org/forensics/tct.html>

  Sounds like it might already be a bit late to do deep forensics on
the system but maybe better late than never.

> Hope this helps you a little,
> 
> And sorry to hear that your system is compromised, hang on, take care, and
> if we can
> help...

  Sorry to hear it also.

  I assume, since you've been active on this list, your system was
fully patched, up-to-date with all FreeBSD security notices?  Any
particular nonstandard ports or services running on this system?

  -- Clifton

-- 
          Clifton Royston  --  cliftonr at tikitechnologies.com 
         Tiki Technologies Lead Programmer/Software Architect
Did you ever fly a kite in bed?  Did you ever walk with ten cats on your head?
  Did you ever milk this kind of cow?  Well we can do it.  We know how.
If you never did, you should.  These things are fun, and fun is good.
                                                                 -- Dr. Seuss