>My problem is that I think someone has installed a password sniffer on my
>server and I can't identify the sniffer or remove it. The reason why I
>think that there is a sniffer on my server is because of this file in the
>root directory that updates itself with the passwords of the accounts
>logging on to the server locally.
I was just reading on cnet.com about NT "root kits", traditionally
compromises for *nix boxes. The can be pretty nasty (hidden from
task list, etc, etc).
If somebody here doesn't help, try the ISP-NT, ISP-Tech, ISP-Security
lists at isp-lists.com.
Len
http://BIND8NT.MEIway.com : Binary for ISC BIND 8.2.3 for NT4 & W2K
http://IMGate.MEIway.com : Build free, hi-perf, anti-spam mail gateways
Please visit http://www.ipswitch.com/support/mailing-lists.html
to be removed from this list.
An Archive of this list is available at:
http://www.mail-archive.com/imail_forum%40list.ipswitch.com/
