On Thu, 22 Jul 2004 17:42:53 -0500 Paul Stolp <paulywall@myrealbox.com> wrote: > > I checked in on some bittorrent progress today at lunch, noticed my > process monitor showing full activity. Ran top, saw user "guest" logged > on, running 4 instances of a program named "t", and short term load > average over 4. AARRRRGGGHHH! > shutdown -h now ! Believe it or not, this is often a bad idea. It's often easier to determine the scope of a compromise by watching the intrude for a little while than to attempt to find out afterwards with forensics. > pull network cable > reboot > look for damage, whew, I was O.K. How did you determine this? -c -- Chris Metzler cmetzler@speakeasy.snip-me.net (remove "snip-me." to email) "As a child I understood how to give; I have forgotten this grace since I have become civilized." - Chief Luther Standing Bear
Attachment:
pgpwZmqj4IDrd.pgp
Description: PGP signature