From owner-FreeBSD-users-jp@jp.freebsd.org  Wed Apr 14 20:02:10 1999
Received: by jaz.jp.freebsd.org (8.9.2+3.1W/8.7.3) id UAA26116;
	Wed, 14 Apr 1999 20:02:10 +0900 (JST)
	(envelope-from owner-FreeBSD-users-jp@jp.FreeBSD.org)
Received: from tora.eccosys.com (tora.eccosys.com [199.100.7.97])
	by jaz.jp.freebsd.org (8.9.2+3.1W/8.7.3) with SMTP id UAA26108
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 14 Apr 1999 20:02:09 +0900 (JST)
	(envelope-from toshi@he.kobelcosys.co.jp)
Received: (qmail 16866 invoked from network); 14 Apr 1999 10:02:06 -0000
Received: from ns1.kobelcosys.co.jp (root@163.48.1.1)
  by tora.eccosys.com with SMTP; 14 Apr 1999 10:02:06 -0000
Received: from ns1.in.kobelcosys.co.jp (root@ns1.in.kobelcosys.co.jp [10.1.8.2])
	by ns1.kobelcosys.co.jp (8.9.1+3.0W/3.7W-99032600) with ESMTP id TAA27885
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 14 Apr 1999 19:01:54 +0900 (JST)
Received: from he.kobelcosys.co.jp (he.kobelcosys.co.jp [10.16.128.2])
	by ns1.in.kobelcosys.co.jp (8.9.1+3.0W/3.7W-99032510) with ESMTP id TAA24830
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 14 Apr 1999 19:01:53 +0900 (JST)
Received: from vaio.he.kobelcosys.co.jp ([10.1.8.205])
	by he.kobelcosys.co.jp (8.8.5+2.7Wbeta5/3.6Wbeta5-97080705) with ESMTP id TAA07707
	for <FreeBSD-users-jp@jp.freebsd.org>; Wed, 14 Apr 1999 19:01:48 +0900 (JST)
Received: (from toshi@localhost)
	by vaio.he.kobelcosys.co.jp (8.9.1+3.0W/3.7W-98122111) id TAA08260;
	Wed, 14 Apr 1999 19:00:50 +0900 (JST)
Date: Wed, 14 Apr 1999 19:00:50 +0900 (JST)
Message-Id: <199904141000.TAA08260@vaio.he.kobelcosys.co.jp>
From: toshi@he.kobelcosys.co.jp (Toshihiko Ueki/=?ISO-2022-JP?B?GyRCPyJMWklSSScbKEI=?=)
References: <37144E2D.708CCE02@jaif.or.jp>
	    <19990414173239Y.hirano@t.kanazawa-u.ac.jp>
	    <37145F6E.F12B08AF@jaif.or.jp>
X-Mailer: cmail 2.59.14 on GNU Emacs 20.2.2 / Mule 3.0 (MOMIJINOGA)
To: FreeBSD-users-jp@jp.freebsd.org
In-reply-to: Kentaro Hatori's message of "Wed, 14 Apr 1999 18:27:10 +0900"
	     <37145F6E.F12B08AF@jaif.or.jp>
Mime-Version: 1.0 (generated by tm-edit 7.106)
Content-Type: text/plain; charset=ISO-2022-JP
Lines: 35
Reply-To: FreeBSD-users-jp@jp.freebsd.org
Precedence: list
X-Distribute: distribute version 2.1 (Alpha) patchlevel 24e+990405
X-Sequence: FreeBSD-users-jp 41195
Subject: [FreeBSD-users-jp 41195] Re: How do you do about illeagal access on your host?
Errors-To: owner-FreeBSD-users-jp@jp.freebsd.org
Sender: owner-FreeBSD-users-jp@jp.freebsd.org
X-Originator: toshi@he.kobelcosys.co.jp

In message "[FreeBSD-users-jp 41185] Re: How do you do about illeagal access on your host?" on 99/04/14,
	Kentaro Hatori <hatori@jaif.or.jp> writes:

>$B$O$H$A$c$s!w%Q%9%3$G$9!#(B

$B?"LZ$G$9!#$3$s$P$s$O!#(B

>$B:G=i$KIT@5%"%/%;%9$5$l$?$H$-$K!"(Bfbsdrootkit$B$J$k$b$N$r2rE`$7$F<B9T(B
>$B$7$?MzNr$,;D$C$F$$$^$9!#(B

$B$3$NMzNr$O$I$3$K5-O?$5$l$F$$$?$b$N$G$7$g$&(B ?
# $B%7%9%F%`$N%"%+%&%s%F%#%s%05-O?$G$7$g$&$+(B ?

>Apr 14 18:30:00 hogehoge CRON[23130]: (root) CMD (/usr/libexec/atrun)
>Apr 14 18:35:00 hogehoge CRON[23153]: (root) CMD (/usr/libexec/atrun)
>Apr 14 18:40:00 hogehoge CRON[23168]: (root) CMD (/usr/libexec/atrun)
>$B$H$J$C$F$$$F!"$3$l$G(Bcomsat$B$,<B9T$5$l$?$N$+$J$!$H$b;W$$$^$9!#(B

$B$3$l$OJL$KLdBj$J$$$N$G$O$J$$$G$7$g$&$+(B ?   /etc/crontab $B$rJQ99$7$F$$$J(B
$B$1$l$P(B 5 $BJ,$4$H$KF0$/$O$:$G$9$M!#(B

% grep atrun /etc/crontab 
*/5     *       *       *       *       root    /usr/libexec/atrun

>$B$d$C$Q$j%j%b!<%H$G%a%s%F%J%s%9$9$k$N$O!"IT@5%"%/%;%9$r5v$929>2$K$J$k(B
>$B$s$G$9$M!#$H$j$"$($:%k!<%?(B(RT100i)$B$N(Btelnet$B$K$D$$$F??LLL\$K%U%#%k%?$+(B
>$B$1$F$_$^$9!#(B

$B30It%5%$%H$+$i(B IP $B%j!<%A%c%V%k$J%^%7%s$N$h$&$G$9$N$G!"(Btcp_wrappers $B$O(B
$BF~$l$F$*$$$?J}$,NI$$$G$7$g$&!#(B
-- 
$B%3%Y%k%3%7%9%F%`3t<02q<R(B  $B%M%C%H%o!<%/%7%9%F%`K\It(B  $B?"LZ(B $BIRI'(B
E-mail: toshi@he.kobelcosys.co.jp    Powered by FreeBSD with PAO on VAIO 505RX
PGP: Fingerprint16 (2.Xi) = 37 C7 0E 7D 7A C8 E2 56   83 A7 B7 19 9C BF D9 27
     Fingerprint20 (5.0i) = BFE8 9E1A 310D E499 FA4B  50CD EAAB 2862 FED1 A2FB
