[42054] in Hotline Meeting
Potential rogue process?
daemon@ATHENA.MIT.EDU (map@MIT.EDU)
Mon Feb 23 22:50:52 1998
From: <map@MIT.EDU>
Date: Mon, 23 Feb 1998 22:50:45 -0500
To: hotline@MIT.EDU, security@MIT.EDU
After logging in to this workstation just now, I noticed an unusual process
that I've never seen before on an Athena workstation and thought I would
alert you, just on the off chance that it is an indication of a problem.
It might be something that a previous user left and didn't get cleaned up,
or something left intentionally to try and trap security info, or it could
be legitimate. It's just that it seemed strange to me, so I thought I'd
report it to be safe...
From a ps uwww 5349:
USER PID %CPU %MEM SZ RSS TT S START TIME COMMAND
bin 5349 0.0 5.1 3916 1532 ? S Feb 18 1:32 /etc/rc5-sunos-socks4 -n 20 -a rc5.slacker.com linux@linuxnet.org
The hostname is m12-182-7.
-MAP
