When running "top" recently I found a process "comsat" running on my Alpha.
I was quite surprised since I knew what comsat is, and do NOT use biff.
I use pine, but I've never noticed it invoked comsat.
I suspected some crook had insinuated a fake "comsat" (we had an hacker attack
on another machine with a fake "telnetd") but ps showed it was child of
inetd, and the executables in /usr/sbin look OK.
After I checked with "biff" that the setting was actually "biff n" (I thought
a misspelling "diff" with "biff" could have done it) the "comsat" process
disappeared.
Is all this normal, or should I suspect intrusions ?
----------------------------------------------------------------------------
Lucio Chiappetti - IFCTR/CNR - via Bassini 15 - I-20133 Milano (Italy)
For more info :
http://www.ifctr.mi.cnr.it/~lucio/personal.html
----------------------------------------------------------------------------
Received on Thu Nov 27 1997 - 21:29:49 NZDT