On Thu, 22 Jul 2004 17:42:53 -0500 Paul Stolp <[EMAIL PROTECTED]> wrote:
>
> I checked in on some bittorrent progress today at lunch, noticed my
> process monitor showing full activity. Ran top, saw user "guest" logged
> on, running 4 instances of a program named "t", and short term load
> average over 4. AARRRRGGGHHH!
> shutdown -h now !
Believe it or not, this is often a bad idea. It's often easier to
determine the scope of a compromise by watching the intruder for a little
while than to attempt to find out afterwards with forensics.
> pull network cable
> reboot
> look for damage, whew, I was O.K.
How did you determine this?
-c
--
Chris Metzler [EMAIL PROTECTED]
(remove "snip-me." to email)
"As a child I understood how to give; I have forgotten this grace since I
have become civilized." - Chief Luther Standing Bear

