[Intrusions] IRC bot on MacOS
Eric Pancer
vxla at security.depaul.edu
Fri Apr 22 13:49:38 GMT 2005
Andrew Daviel wrote on Fri, 2005-04-22 at 02:12:11 -0700...
> I could post network logs, but I think it's all boring IRC and
> SSH encrypted control stuff. Still looking for file timestamps etc., but
> as I say I think it's before the rollover so I'm out of luck unless
> there's more than one guy been trying.
>
> Anyone seen anything like this ? Any hints on tracing Mac bootup (I'm
> basically a Linux person...) ?
Try putting a "set -x" atop all of the /etc/rc* files. Also, check
crontab files for "@reboot" statements.
--
Eric Pancer :.: Computer Security Response Team :.: DePaul University
http://security.depaul.edu/ .:`:.:':.:`:. epancer at security.depaul.edu
pgp: 1024D/7ACBCFF3 C022 4991 41E5 51E7 683C F765 62F7 7F8E 7ACB CFF3
More information about the Intrusions
mailing list