On Fri, 16 Sep 2005 09:50, Nick Rout wrote:
> I am embarrassed to say that my home system has been hacked into just
> last night, an hour or two before Steve's first message on this subject.

[snip]

> I ssh'd into my work machine and pulled chkrootkit off it (already
> compiled) and managed to make it work on the home machine. Strangely tar
> worked when installing the binary version via emerge. chkrootkit
> reported nothing untoward. I am not 100% sure how chkrootkit works, and
> whether it can be run for the "first" time on an already compromised
> network.

I hope you didn't ssh to your work box from the compromised box? If you did then I would recommend changing the password you used (if there was one) for that and having a good look at that box too, just to be sure.

> I am now worried that it is extremely likely that something has been
> compromised (besides my root password, which I will change). The machine
> is "taking stress leave and won't be in the internet today". But this
> weekend I have the choice of doing further tests, or doing a complete
> re-install (/home is on a separate partition). What do people recommend?

Reinstall. If you have the resources then I would clone the drive onto another disk, or use a fresh disk to install onto. You then have the compromised disk for further analysis later on. Do a thorough check of that home partition too.

HTH

hads
--
If you want your spouse to listen and pay strict attention to every word you say, talk in your sleep.
