> what is pan2?
> We just got hacked, and looking in the root's .bash_history, they
> downloaded pan2 from a .ro server, and it's still running. I was just
> wondering what that is..i can't seem to get a clear answer from google.

Side question that you probably want to ignore for now:  Could you tell us
about your setup and how you think the cracker got in?

I am just curious about the whole story.  How are you connected to the
net?  What firewall technology you were using?  Was the box at home, work,
co-lo?  What OS?  How did you discover the break-in?  Etc.

Right now, you need to do investigations and get secure again.  But, at
some point, I'd like to learn from your experience.

Alan