Herb and AMMRLers,
Yes, I have unfortunately seen that "RIP" on one of my Ultra5 that had been
hacked. In my case, system function was not disabled; the hackers
evidentally were just using the computer as an ftp site for others to
download presumably bootleg software. The initial symptoms were a slow
running computer, slightly higher disk space usage, along with the "RIP" on
the performance meter. I'm not certain how they initially gained access, but
ultimately had it set up to run this activity through an user's VNMR
account, so it seemed like legitamate ftp activity. (the remote site was a
berkeley.edu address, no less!) The files were "hidden" in the .dt file of
this user, so the location of the disk space usage wasn't apparent at first.
I too would be curious if any others have had this happen and if the route
of entry was know. In my case, the campus IT people here don't want to place
this computer back on the network until I reformat the disk and reload
software stating that is the only way to prevent for certain that it
wouldn't happen again from a hidden backdoor trojan.
Regards,
Neal
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Neal J Stolowich, PhD
Sr. Spectroscopist and Manager
Department of Chemistry Office: 502-852-7894
ULNMR Facility Fax: 502-852-8149
University of Louisville
Louisville, Kentucky 40292
-----Original Message-----
> From: Dr. Herbert Schwartz [mailto:schwah_at_rpi.edu]
> Sent: Thursday, June 27, 2002 1:15 PM
> To: ammrl_at_chemnmr.colorado.edu
> Subject: Sun questions
Ok, here is one that i hope at least some one has seen.
On our Inova 300 running sunos 5.6 and vnmr 6.1b , i found no text
window, no acquisition status window and no acqi window (could not
su). After some suggestions, I checked the sun's performance meter and
found........
a tombstone icon with the letters RIP
not a good sigh huh,, our campus puter people are either stuck or on
vacation. Has anyone ever seen that as a "normal" indicator on a sun's
performance meter, or is this possibly a hack? Only other indication of
possible hacking is a spontaneous reboot the night before, but no log in
was indicated, but there were lightning storms in area, so could have been
a quick power outage.
Thanks if anyone has any idea what that icon means, if anything.
Received on Fri Jun 28 2002 - 20:48:52 MST