Try http://www.chkrootkit.org
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Hane Sent: Friday, September 26, 2003 3:57 PM To: [EMAIL PROTECTED] Subject: [Full-Disclosure] Rootkit Hi all, I recently had a machine get hacked before I could finish installing all the damn remote-root exploit patches that have been released in the last week. I've done the forensics and I know how they got in and what they did but I would like to know what rootkit they used. Can anyone recommend a good scanner or info site where I can compare some of the binaries I saved (the machine has been wiped)? Also, am I the only one who is totally exhausted from trying to keep up with the last couple of week's patch frenzy? I would have had my last server patched before the attack but things like, sleep, food, and bathroom time got in the way :-) Thanks for the help, Dave _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
