On Fri, Nov 16, 2001 at 10:58:48AM -0600, Ursula A. Kallio wrote:
> Now you have me curious. Any reason why you would "PULL THE NETWORK AND
> THE POWER PLUGS!"? Please explain what you are reacting to.

Florin is implying that the box was hacked. If you are in a production environment working for a company, the best way to make sure that you can make an insurance claim for computer hacking/espionage, you need to preserve the machine at its current state. That means no flush to disk, no further network connections, etc. This means pull the power and let the machine crash. You then hire a data extraction and security company to examine the data on disk w/diagnostic tools. I.e. rebooting the computer with a ramdisk image and mounting the harddrives as read only.

I'm going to do a google search on those process names and see if anything turns up. Chances are that this isn't a big deal. If this were a serious hack, you wouldn't see process names like P43r or other 1337 speak. You would see something like sendmail, or sshd. Trojans, etc.

--
Chad Walstrom <chewie at wookimus.net> | a.k.a. ^chewie
http://www.wookimus.net/ | s.k.a. gunnarr
Key fingerprint = B4AB D627 9CBD 687E 7A31 1950 0CC7 0B18 206C 5AFD
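An added example, not part of the original message: the point about trojans hiding behind names like sendmail or sshd can be checked on a saved process listing by comparing each process name with the path of the binary it runs from. The expected paths and the sample records below are assumptions constructed for illustration.

```python
import posixpath

# Assumed install locations; adjust for the distribution being examined.
EXPECTED_PATHS = {
    "sshd": {"/usr/sbin/sshd"},
    "sendmail": {"/usr/sbin/sendmail", "/usr/lib/sendmail"},
}

# Constructed sample: (pid, process name, target of /proc/<pid>/exe) as it
# might be saved from a suspect host. Not data from the original thread.
SAMPLE = [
    (412, "sshd", "/usr/sbin/sshd"),
    (977, "sendmail", "/usr/sbin/sendmail"),
    (1503, "sshd", "/tmp/.x/sshd"),
    (1620, "sendmail", "/usr/sbin/sendmail (deleted)"),
    (1711, "P43r", "/home/user/P43r"),
]

DELETED_SUFFIX = " (deleted)"


def classify(name, exe):
    """Return a reason string if the process needs review, else None."""
    # Linux appends " (deleted)" when the running binary was unlinked.
    # This also happens after a package upgrade, so it is a lead, not proof.
    deleted = exe.endswith(DELETED_SUFFIX)
    path = posixpath.normpath(exe[:-len(DELETED_SUFFIX)] if deleted else exe)
    expected = EXPECTED_PATHS.get(name)
    if expected is None:
        return "unlisted-name"  # e.g. P43r: not a known daemon, review by hand
    if path not in expected:
        return "daemon-name-wrong-path"  # trusted name, unexpected binary
    if deleted:
        return "binary-deleted-on-disk"
    return None


def triage(records):
    """Return (pid, name, reason) for every record that needs review."""
    findings = []
    for pid, name, exe in records:
        reason = classify(name, exe)
        if reason is not None:
            findings.append((pid, name, reason))
    return findings


if __name__ == "__main__":
    for pid, name, reason in triage(SAMPLE):
        print(f"{pid:>6} {name:<10} {reason}")
```

A matching name and path only shows where the binary lives; a replaced binary at the expected path still has to be caught by comparing file hashes against known-good package contents.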