"Kenneth E. Lussier" wrote:
>
> There are many different root kits out there, and there are a
> bunch of different tools to detect them. Check out PacketStorm
> (http://packetstorm.securify.com). One common thread is that
> almost all root kits need to be compiled on the system that they
> are installed on.
> Look for binaries with dates on them that don't match what they
> should be.
>
> Tom Rauschenbach wrote:
> >
> > BTW: Before I dip this disk in Lysol, could someone tell me
> > how to look for a root kit? If there is one here I'd like to
> > see it.
> >
> > Thanks
> >
> > --
> > There's no such thing as a "pretty good" alligator wrestler.
> > [EMAIL PROTECTED] Tom Rauschenbach

Made me look... I just noticed a little activity the past few days as well (my system is up in M$ most of the time as I'm about the only one who runs Linux here) - found these in the logs:

Feb 9 20:46:09 ria in.ftpd[5195]: refused connect from p3EE0E44B.dip.t-dialin.net
. . .
Feb 11 13:43:19 ria in.telnetd[1114]: refused connect from sarua.uniandes.edu.co

I'm sure if I looked I would see a lot more notes in my BlackIce logs. I know - I shoulda had ftp/telnet off and BlackIce ain't worth a <deleted>, but... I do have 'em turned off now though, and BlackIce is all I currently have (was up to date on all my patches though ;)

D. Roberts
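Added example, not part of the original message: a small Python summarizer for "refused connect from" syslog lines like the two quoted above, grouping them by source and flagging sources that were refused by more than one daemon. The function names, the `scanner.example.net` host and every sample line other than those two are constructed for illustration.

```python
import re

# tcp_wrappers-style syslog line:
#   "Mon D HH:MM:SS host daemon[pid]: refused connect from source"
REFUSED = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) "
    r"(?P<daemon>[\w.\-]+)\[(?P<pid>\d+)\]: refused connect from (?P<src>\S+)\s*$"
)

# Constructed sample: first and last lines are the ones quoted in the message,
# the rest are made up for this example.
SAMPLE_LOG = """\
Feb 9 20:46:09 ria in.ftpd[5195]: refused connect from p3EE0E44B.dip.t-dialin.net
Feb 10 02:11:40 ria in.telnetd[810]: refused connect from scanner.example.net
Feb 10 02:11:41 ria in.ftpd[811]: refused connect from scanner.example.net
Feb 10 02:11:43 ria in.fingerd[812]: refused connect from scanner.example.net
Feb 10 09:30:02 ria sshd[900]: Accepted password for dave from 192.0.2.7
Feb 11 13:43:19 ria in.telnetd[1114]: refused connect from sarua.uniandes.edu.co
"""


def summarize_refusals(text):
    """Return {source: {"count", "services", "first", "last"}} for refused connects."""
    summary = {}
    for line in text.splitlines():
        m = REFUSED.match(line)
        if not m:
            continue  # not a refusal line (e.g. a successful login)
        entry = summary.setdefault(
            m["src"],
            {"count": 0, "services": set(), "first": m["ts"], "last": m["ts"]},
        )
        entry["count"] += 1
        entry["services"].add(m["daemon"])
        entry["last"] = m["ts"]  # log is chronological, so the latest match wins
    return summary


def multi_service_sources(summary, min_services=2):
    """Sources refused by several different daemons, which suggests a sweep."""
    return sorted(s for s, e in summary.items() if len(e["services"]) >= min_services)


if __name__ == "__main__":
    report = summarize_refusals(SAMPLE_LOG)
    for src, e in sorted(report.items()):
        print(f"{src}: {e['count']} refused, services={sorted(e['services'])}, "
              f"{e['first']} .. {e['last']}")
    print("multi-service:", multi_service_sources(report))
```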
