On Friday 14 September 2001 11:57 am, Devdas Bhagat wrote:
> Compile netcat on a clean machine and copy the binary over to the
> suspect machine.

Hi Devdas,

I couldn't understand why you'd want netcat installed on the suspected
cracked box. Is it to sniff for any subsequent cracker activity on the
(suspected) compromised box?

> Reboot the suspect machine with a boot CD, and use rpm to
> verify that the md5sums of the binaries are correct. If *all* software
> is correct, then you don't have a problem.

Correct me if I'm wrong... rpm, when verifying a file, uses information about
files stored in the rpm database on the Linux box. So, unless the user had
already made another copy of that database on a floppy or CD, he could still
have trojans on his system, since a good cracker could possibly modify
the rpm database also.

> A good suggestion I have seen for this
> was to send syslog to a non existent machine and have another machine
> in promisc mode sniffing all the traffic to the syslog machine.

Sounds interesting... will have to try it out. Can you give me any more
info on this?

Regards,
Vinu.
_______________________________________________
linux-india-help mailing list
https://lists.sourceforge.net/lists/listinfo/linux-india-help
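
The concern raised above about verifying against a database stored on the suspect box can be sidestepped by checking against a checksum manifest built on a clean machine and carried over on read-only media. The following is an added example, not part of the original thread; the function names and the manifest layout (plain `md5sum` output with paths relative to the root) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: verify a suspect root filesystem (mounted from a boot CD)
# against a manifest produced on a clean machine, so nothing stored on the
# suspect disk, including its rpm database, is trusted.

# make_manifest ROOT FILE...  -> md5sum lines on stdout, paths relative to ROOT
make_manifest() {
    root=$1; shift
    ( cd "$root" && md5sum -- "$@" )
}

# verify_root MANIFEST ROOT -> prints "MISSING path" / "CHANGED path",
# returns 0 if every file matches, 1 otherwise
verify_root() {
    manifest=$1 root=$2 bad=0
    while read -r want path; do
        path=${path#\*}                 # md5sum marks binary mode with '*'
        if [ ! -f "$root/$path" ]; then
            echo "MISSING $path"; bad=1
            continue
        fi
        have=$(md5sum < "$root/$path"); have=${have%% *}
        if [ "$have" != "$want" ]; then
            echo "CHANGED $path"; bad=1
        fi
    done < "$manifest"
    return "$bad"
}

# demo: constructed sample trees standing in for the clean and suspect machines
demo() {
    tmp=$(mktemp -d) || return 2
    mkdir -p "$tmp/clean/bin" "$tmp/suspect/bin"
    printf 'ls-original\n' > "$tmp/clean/bin/ls"
    printf 'ps-original\n' > "$tmp/clean/bin/ps"
    printf 'ls-trojaned\n' > "$tmp/suspect/bin/ls"   # differs from the clean copy
    cp "$tmp/clean/bin/ps" "$tmp/suspect/bin/ps"
    make_manifest "$tmp/clean" bin/ls bin/ps > "$tmp/manifest"
    rc=0
    verify_root "$tmp/manifest" "$tmp/suspect" || rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

Run `md5sum` itself from the boot CD rather than from the suspect disk, since a replaced binary could report whatever it likes.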