On Dec 5, 2003, at 3:30 PM, Liberty Young wrote:

> what is pan2?

If it's the same pan2  I'm thinking of, it's a very ugly hacked up NNTP 
proxy.  It basically enables them to post to usenet anonymously.   Not 
to be confused with 'pan' the newsreader.

> We just got hacked, and looking in the root's .bash_history, they
> downloaded pan2 from a .ro server, and it's still running. I was just
> wondering what that is..i can't seem to get a clear answer from google.

Can you send me the wget URL please in private mail?

dsniff is usually configured to write to a local temp file - you may 
want to scour your hard drive for recently written files.  Also, check 
crontab and the /etc/cron.* dirs for surprises.

Gary