On Fri, Nov 16, 2001 at 10:58:48AM -0600, Ursula A. Kallio wrote:
> Now you have me curious.  Any reason why you would "PULL THE NETWORK AND
> THE POWER PLUGS!"?  Please explain what you are reacting to.

Florin is implying that the box was hacked.  If you are in a production
environment working for a company, the best way to make sure that you
can make an insurance claim for computer hacking/espionage, you need to
preserve the machine at its current state.  That means no flush to disk,
no further network connections, etc.  This means pull the power and let
the machine crash.  You then hire a data extraction and security company
to examine the data on disk w/diagnostic tools.  I.e. rebooting the
computer with a ramdisk image and mounting the hard drives as read only.

I'm going to do a Google search on those process names and see if
anything turns up.  Chances are that this isn't a big deal.  If this
were a serious hack, you wouldn't see process names like P43r or other
1337 speak.  You would see something like sendmail, or sshd.  Trojans,
etc.

-- 
Chad Walstrom <chewie at wookimus.net>                 | a.k.a. ^chewie
http://www.wookimus.net/                            | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31  1950 0CC7 0B18 206C 5AFD
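
The second paragraph's point, that a serious intrusion hides behind names like sendmail or sshd, can be checked by comparing each process name with the binary actually backing it. The following is an added example, not part of the original message; it assumes a modern Linux /proc layout (`comm` and `exe` entries), the `EXPECTED` path table is an assumption to adjust per distribution, and the sample tree is constructed.

```python
import os
import tempfile

# Assumed install paths for trusted daemon names; adjust per distribution.
EXPECTED = {
    "sshd": {"/usr/sbin/sshd"},
    "sendmail": {"/usr/sbin/sendmail", "/usr/lib/sendmail"},
}

def scan_proc(proc_root="/proc"):
    """Return (pid, name, exe, reason) where process name and binary disagree."""
    findings = []
    for entry in sorted(os.listdir(proc_root)):
        if not entry.isdigit():
            continue
        base = os.path.join(proc_root, entry)
        try:
            with open(os.path.join(base, "comm")) as fh:
                name = fh.read().strip()
            exe = os.readlink(os.path.join(base, "exe"))
        except OSError:
            continue  # kernel thread, exited process, or no permission
        if exe.endswith(" (deleted)"):
            findings.append((int(entry), name, exe, "binary deleted from disk"))
        elif name in EXPECTED and exe not in EXPECTED[name]:
            findings.append((int(entry), name, exe, "trusted name, unexpected path"))
    return findings

def build_sample_proc():
    """Constructed /proc-like tree so the check runs offline."""
    root = tempfile.mkdtemp()
    sample = {
        "101": ("sshd", "/usr/sbin/sshd"),            # legitimate
        "202": ("sshd", "/tmp/.x/sshd"),              # masquerading name
        "303": ("sendmail", "/usr/sbin/sendmail"),    # legitimate
        "404": ("P43r", "/dev/shm/P43r (deleted)"),   # binary unlinked after start
    }
    for pid, (name, exe) in sample.items():
        os.makedirs(os.path.join(root, pid))
        with open(os.path.join(root, pid, "comm"), "w") as fh:
            fh.write(name + "\n")
        os.symlink(exe, os.path.join(root, pid, "exe"))  # dangling link is fine
    return root

if __name__ == "__main__":
    for finding in scan_proc(build_sample_proc()):
        print(finding)
```

On a host that may already be compromised, /proc itself can be falsified by a rootkit, so this is a triage check and not a substitute for the offline, read-only examination described in the message.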
