Here's what happened when I ran chkrootkit on my main system: === quote ===
# chkrootkit << output snipped >> eth0 is not promisc Checking `wted'... 3 deletion(s) between Tue Oct 22 22:40:28 2002 and Fri Oct 26 22:48:32 1990 7 deletion(s) between Sat Jan 12 23:20:01 1918 and Sat Jan 4 08:39:44 2003 4 deletion(s) between Sat Jan 4 08:39:44 2003 and Tue Oct 22 22:45:16 2002 1 deletion(s) between Thu Dec 5 18:36:13 2002 and Thu Dec 5 18:54:40 2002 1 deletion(s) between Wed Jan 8 12:59:41 2003 and Wed Jan 8 13:10:57 2003 1 deletion(s) between Wed Jan 8 13:27:10 2003 and Wed Jan 8 13:35:22 2003 8 deletion(s) between Fri Jan 31 02:35:24 2003 and Thu Mar 13 01:51:18 2014 2 deletion(s) between Fri Jan 31 02:55:53 2003 and Tue Oct 9 15:01:26 2029 nothing deleted Checking `scalper'... not infected Checking `slapper'... not infected Checking `z2'... nothing deleted === /quote === Note the dates: there are references to the years 1918, 1990, 2014 and 2029. The first 'wted' line shows deletions between 2002 and 1990, and the third line shows deletions between 2003 and 2002 (i.e. going back in time). Odd. Does this suggest that I've been cracked? This box has been sitting behind an MNF box, which chkrootkit shows as clean, since mid-December. Before this (July-December 2002), it was behind a Mandrake 8.2 box which had a Firestarter firewall. Do I need to reinstall my OS from scratch? -- Sridhar Dhanapalan [Yama | http://www.pclinuxonline.com/] " An ordinary frog goes "ribbit, ribbit" and a budfrog goes "bud ,,, Weis... Er", but a winfrog goes "reboot, reboot, reboot" " -- Civileme
msg65504/pgp00000.pgp
Description: PGP signature
