On Mon, Aug 9, 2010 at 11:25 AM, Paul Hartman paul.hartman+gen...@gmail.com wrote:
Hi, today when working remotely I ran nethogs and noticed suspicious
network traffic coming from my home gentoo box. It was very low
traffic (less than 1KB/sec bandwidth usage) but according to nethogs
it was
On Tue, 10 Aug 2010 01:10:37 -0500, Paul Hartman wrote:
Second, the problem of chkrootkit telling me find and netstat were
INFECTED, in big scary upper-case letters. The files appear to be genuine,
chkrootkit hasn't been updated in over a year, a bit scary for a malware scanner.
I then
Another idea to help with your forensics would be to bring a netstat and lsof
binary over to your machine and run them to see which actors are running and
trying to get out. That could help you detect what is running on that machine
and google your way from there.
If your kernel has
On 08/09/10 12:25, Paul Hartman wrote:
[]
If anyone has advice on what I should look at forensically to
determine the cause of this, it is appreciated. I'll first dig into
the logs, bash history etc. and really hope that this very happened
recently.
Thanks for any tips and wish me good luck.
On Mon, Aug 9, 2010 at 1:59 PM, 7v5w7go9ub0o 7v5w7go9u...@gmail.com wrote:
On 08/09/10 12:25, Paul Hartman wrote:
[]
If anyone has advice on what I should look at forensically to
determine the cause of this, it is appreciated. I'll first dig into
the logs, bash history etc. and really hope
On Monday 09 August 2010 19:59:11 7v5w7go9ub0o wrote:
On 08/09/10 12:25, Paul Hartman wrote:
[]
If anyone has advice on what I should look at forensically to
determine the cause of this, it is appreciated. I'll first dig into
the logs, bash history etc. and really hope that this very