I had 2 hacks... they both had that. On one box that pid was dead, on the other it
was active. One box was a 4r and the other a 3i. They were both completely different
hacks.
David Conorozzo
PC Assistance, Inc.
>>> "Tony" <[EMAIL PROTECTED]> 02/15/01 02:18AM >>>
++Raq3 with all Patches:
+
+Ran Chkrootkit and got
+
+Checking `netstat'... INFECTED
+
+in.smb was enabled in inetd.conf
+
+Both init and in.smb in /usr/sbin had the same time stamp.
+
+Is it possible to plug this up without flattening the box?
Also found this on this Raq and not on any others:
/root/.la.pid
Anyone have any idea which process la is?
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security