To avoid this sort of thing in the future, and to help you find out what
changed on your box, i'd look into www.lids.org, aide.sf.net,
ippersonality.sf.net and bits and pieces of the openwall.com project for
server level security (not network/firewall level).
In addition to filesystem integrity checking, our tool:
http://radmind.org/
can reverse the changes made by a root kit, providing you boot from known good media. Of course, it is theoretically possible for a root kit to be totally undetectable, even by a tripwire...
:wes
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
