Roberto, It is possible that the server was hacked, BIND 8.2.3 is fairly old and was found to have remote exploits in itself and libbind, see: http://www.isc.org/products/BIND/bind-security.html Sendmail is now on 8.12.7, I didn't see any remote exploits but there have been a large amount of updates to that also. Have you used chkrootkit? If it was hacked a rootkit would hide most suspicious activity. --Joe I have no idea how the root password on my FreeBSD 4.0 system was = changed, only I have access to it and I have only SMTP (sendmail = 8.12.1), POP3 (qpopper), apache 1.3.26 and BIND 8.2.3 . Everything else = is restricted by ACLs at the router. I had to enter single user mode and change it today. I have thoroughly checked running processes and the logs and there is = nothing suspicious.=20 Please give me your opinion on what could have caused this.=20 Thanks -- Roberto Cardona Jr. =20 -- Roberto Cardona Jr. IT/IS Manager Corporate Office Centers | http://www.corporateofficecenters.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Tue Jan 07 2003 - 13:00:27 PST