> -----Original Message-----
> From: David Hane [mailto:[EMAIL PROTECTED]
> Sent: Friday, September 26, 2003 3:57 PM
> To: [EMAIL PROTECTED]
> Subject: [Full-Disclosure] Rootkit
>
>
> Hi all,
>
> I recently had a machine get hacked before I could finish installing all the
> damn remote-root exploit patches that have been released in the last week.
> I've done the forensics and I know how they got in and what they did, but I
> would like to know what rootkit they used.
>
> Can anyone recommend a good scanner or info site where I can compare some of
> the binaries I saved (the machine has been wiped)?
This is a great tool for many things, not just forensics. Everyone who has to do investigations or restorations should have a current copy.

http://fire.dmzs.com/

You might also want to get chkrootkit.

http://www.chkrootkit.org/ (This sometimes doesn't respond.)
http://www.pangeia.com.br/download.htm (You can also get it here.)

Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
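Added example, not part of either poster's message: the comparison David asks about can be done without a signature scanner by hashing the saved binaries and checking them against a known-good manifest taken from a clean install of the same distribution release and package versions (that reference install is an assumption; the verifier only tells you which files deviate from it, not which rootkit they belong to, which is what chkrootkit's signature checks add). The manifest format is the one `sha256sum` prints; the file contents and paths below are constructed stand-ins, not real binaries.

```python
"""Classify binaries saved from a compromised host against a known-good hash manifest."""
import hashlib
from typing import Dict, List


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of a file's bytes."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(clean_files: Dict[str, bytes]) -> str:
    """Render a manifest in `sha256sum` output format (hash, two spaces, path).

    On a real reference box you would run `sha256sum /bin/* /sbin/* ...` instead.
    """
    lines = [f"{sha256_hex(data)}  {path}" for path, data in sorted(clean_files.items())]
    return "\n".join(lines) + "\n"


def parse_manifest(text: str) -> Dict[str, str]:
    """Parse `sha256sum`-style lines into {path: hash}; skips blank lines and comments."""
    known: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, path = line.partition("  ")
        # GNU sha256sum prefixes the path with '*' for entries hashed in binary mode.
        known[path.lstrip("*")] = digest.lower()
    return known


def compare_binaries(saved: Dict[str, bytes], manifest: Dict[str, str]) -> Dict[str, List[str]]:
    """Sort each saved binary into 'clean' (hash matches), 'modified' (hash differs)
    or 'unknown' (no reference entry, so it was not part of the clean install)."""
    report: Dict[str, List[str]] = {"clean": [], "modified": [], "unknown": []}
    for path, data in sorted(saved.items()):
        reference = manifest.get(path)
        if reference is None:
            report["unknown"].append(path)
        elif sha256_hex(data) == reference:
            report["clean"].append(path)
        else:
            report["modified"].append(path)
    return report


# Constructed sample data: short byte strings standing in for real ELF files.
CLEAN_INSTALL = {
    "/bin/ls": b"ELF-clean-ls",
    "/bin/ps": b"ELF-clean-ps",
    "/bin/netstat": b"ELF-clean-netstat",
}
SAVED_FROM_VICTIM = {
    "/bin/ls": b"ELF-clean-ls",                    # unchanged
    "/bin/ps": b"ELF-clean-ps-with-extra-code",    # replaced binary
    "/usr/local/bin/unexpected": b"not-in-manifest",  # file the clean install never had
}


def demo() -> Dict[str, List[str]]:
    """Build the reference manifest from the clean set and check the saved files against it."""
    manifest = parse_manifest(build_manifest(CLEAN_INSTALL))
    return compare_binaries(SAVED_FROM_VICTIM, manifest)


if __name__ == "__main__":
    for status, paths in demo().items():
        print(f"{status:9s} {', '.join(paths) or '-'}")
```

In practice the manifest must come from media you trust (install CD, a clean box of the same release, or the package manager's own verification such as `rpm -V` on RPM systems), never from the compromised host, and a hash match only proves the file equals the reference, so a kernel-level rootkit that leaves userland binaries intact will not show up here.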
