>On Sun, 14 Mar 2010 18:34:39 +0530
>Raj Mathur <r...@linux-delhi.org> wrote:
>
> Anything that looks odd, actually. It's difficult to generalise, but
> usually file names starting with . or space, file/directory names
> containing spaces, executable files are things I would look for.

OK sir-ji !

> No, the flags alone will not tell you about unauthorised connections.
> For that you need to see which ports on your server are open and mark
> any non-standard ones (they'll be used for command and control of your
> infected server by remote entities), and which ports/servers your
> machine is making a connection to. For instance, if you see a lot of
> connections from your computer to a remote TCP port 25, and your
> machine isn't a mail server, it could indicate that you've been taken
> over by a spambot which is relaying spam through your machine.

Suppose we find that someone is really using port 25 or another port. What is the infected user supposed to do? Close the connection and/or the machine immediately, or trace the intruder, or what else, and how?

> I'm sure Suresh would have more information on this side of things.

A million $ suggestion. :)

> As other people have pointed out, this isn't something that can be
> learnt in a hurry, so experience (or experienced people) is your best
> friend where it comes to detecting cracked machines.

Am really NOT in a hurry. Have enough patience and ready to learn it step-by-step! So pl tolerate the dumb Qs from this side! :)

~ Pats
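
The port check described in the quoted text above (non-standard listening ports, and connections from the machine to a remote TCP port 25), as an added example that is not part of the original thread. It reads `netstat -tan` output on stdin; the `ALLOWED_PORTS` list, the function names and the sample rows are constructed assumptions.

```shell
#!/bin/sh
# Added example: triage of `netstat -tan` output read on stdin.
# ASSUMPTION: the listening ports this host is supposed to expose.
ALLOWED_PORTS="22 80 443"

# Print listening TCP ports that are not in ALLOWED_PORTS, one per line.
unexpected_listeners() {
    awk -v allowed="$ALLOWED_PORTS" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            port = $4; sub(/.*:/, "", port)    # field 4 = local address:port
            if (!(port in ok) && !seen[port]++) print port
        }' | sort -n
}

# Count TCP connections from this host to a remote port 25, in any state.
# Inbound mail (local port 25) is not counted: only the foreign port is checked.
outbound_smtp_count() {
    awk '$1 ~ /^tcp/ {
            rport = $5; sub(/.*:/, "", rport)  # field 5 = foreign address:port
            if (rport == "25") c++
         }
         END { print c + 0 }'
}

# Constructed sample (documentation address ranges), not real capture data.
SAMPLE='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:31337           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp        0      0 192.0.2.10:40112        203.0.113.5:25          ESTABLISHED
tcp        0      0 192.0.2.10:40113        203.0.113.9:25          ESTABLISHED
tcp        0      0 192.0.2.10:40114        203.0.113.20:25         SYN_SENT
tcp6       0      0 :::6667                 :::*                    LISTEN'

echo "Unexpected listening ports:"
printf '%s\n' "$SAMPLE" | unexpected_listeners
echo "Connections to remote port 25: $(printf '%s\n' "$SAMPLE" | outbound_smtp_count)"
```

On a live host, feed it real data with `netstat -tan | unexpected_listeners` and `netstat -tan | outbound_smtp_count`.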