From owner-FreeBSD-users-jp@jp.freebsd.org  Wed Apr 14 19:10:44 1999
Received: by jaz.jp.freebsd.org (8.9.2+3.1W/8.7.3) id TAA22741;
	Wed, 14 Apr 1999 19:10:44 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from ns.aquilax.com (ns.aquilax.com [210.232.201.226])
	by jaz.jp.freebsd.org (8.9.2+3.1W/8.7.3) with SMTP id TAA22731
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 14 Apr 1999 19:10:41 +0900 (JST)
	(envelope-from yamada@ns.aquilax.com)
Received: (qmail 13952 invoked by uid 501); 14 Apr 1999 10:10:35 -0000
To: FreeBSD-users-jp@jp.freebsd.org
References: <37144E2D.708CCE02@jaif.or.jp>
 <19990414173239Y.hirano@t.kanazawa-u.ac.jp> <37145F6E.F12B08AF@jaif.or.jp>
MIME-Version: 1.0 (generated by SEMI 1.13.2 - "Mikawa")
Content-Type: text/plain; charset=ISO-2022-JP
From: masakazu@yamada.gr.jp (Masakazu Yamada)
Date: 14 Apr 1999 19:10:35 +0900
In-Reply-To: <37145F6E.F12B08AF@jaif.or.jp> (Kentaro Hatori's message of "Wed, 14 Apr 1999 18:27:10 +0900")
Message-ID: <m2u2uj1pic.fsf@star.aquilax.co.jp>
Lines: 39
User-Agent: Semi-gnus/6.10.3 SEMI/1.13.2 (Mikawa) FLIM/1.12.5 (Hirahata) MULE XEmacs/20.4 (Emerald) (i386-unknown-freebsd)
X-Face:  "eh;q+(S.*/UH%*zN1_HQR>pU[S[3oX%^=yA5eS+aeCsbYkAu5sh|99qI3n|Nbg9,k}9`&M
 ~\9`;lIq=dGJ\?VvgH01WG+.PI'>'n7q7rz%+*/=N+^7QTn~1M%0LYU/9XF\5eEdNgL`Ma:U/X.W7j
 68{"n/pT-oI#/_N>3zrCyywBQ$u5fK}(d:6I#vt;.4gjE);@q4vs|Lk>?dL#kZh=`V9A]7+
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990405
X-Sequence: FreeBSD-users-jp 41189
Subject: [FreeBSD-users-jp 41189] Re: How do you do about illeagal access on  your host?
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: yamada@star.aquilax.co.jp


>>>>> In <37145F6E.F12B08AF@jaif.or.jp> 
>>>>>	Kentaro Hatori <hatori@jaif.or.jp> wrote:

> $B:G=i$KIT@5%"%/%;%9$5$l$?$H$-$K!"(Bfbsdrootkit$B$J$k$b$N$r2rE`$7$F<B9T(B
> $B$7$?MzNr$,;D$C$F$$$^$9!#(B

$B%5!<%A%(%s%8%s$G8!:w$7$?$H$3$m!"<!$N$h$&$J$b$N$r8+$D$1$^$7$?!#(B
http://www.k-elektronik.org/arsip/eksploit/bsd/freebsd/fbsdrootkit.tar.gz

$BFbMF$H$7$F$O!"(B

This package includes the following:

chpass          Trojaned! User->r00t
inetd           Trojaned! Remote access
login           Trojaned! Remote access
ls              Trojaned! Hide files
du              Trojaned! Hide files
ifconfig        Trojaned! Hide sniffing
netstat         Trojaned! Hide connections
passwd          Trojaned! User->r00t
ps              Trojaned! Hide processes
rshd            Trojaned! Remote access
syslogd         Trojaned! Hide logs
fix             File fixer!
addlen          File length fixer(!)
zapbsd2         An improved utmp/wtmp/lastlog type zapper
bindshell       port/shell type daemon!
tripwire        Trojaned! Hide changes
sniffit         A kewl sniffz0r!

$B$H$$$&$h$&$J$b$N$G$9!#2>$K$3$l$,%$%s%9%H!<%k$5$l$?$H$7$?$i!"$=$N$^$^F0$+(B
$B$7$F$*$$$F$O$$$1$J$$$G$7$g$&!#B(:B$K%M%C%H%o!<%/$+$i@Z$jN%$9$Y$-$G$9$M!#(B

$B$=$N%[%9%H$@$1$NLdBj$G$O$J$/$F!":G0-%I%a%$%sA4BN$N%f!<%6$N%Q%9%o!<%I$,Ep(B
$BD0$5$l$F$$$k2DG=@-$b9M$($?J}$,$$$$$+$b$7$l$^$;$s!#(B

-- 
masakazu@yamada.gr.jp (Masakazu Yamada) $B;3ED(B $B2m0l(B
