On Monday 25 August 2003 10:46 pm, someone claiming to be burns wrote: > On Mon, 2003-08-25 at 18:00, Swapana Ghosh wrote: <snippage> > > ~ > > This looks normal. But I would be very(!) suspicious of any system where > logins, particularly root, have mysteriously changed - especially given > the way you are telnetting in the clear. > > I recommend you unplug your box from the network and go through the logs > with great care, looking for any hint of something out of place. A good > cracker will try to cover his tracks, so the indicators may be very > subtle. I don't suppose you were running Tripwire?
I've heard/read good things about: http://www.chkrootkit.org/ Might be worth taking a look-see... Regards, Tim -- RedHat 8.0 Kernel 2.4.20-19.8, KDE 3.1.3, Xfree86 4.2.1 10:50pm up 3 days, 4:48, 3 users, load average: 1.57, 0.99, 0.58 It's what you learn after you know it all that counts _______________________________________________ Linux-users mailing list [EMAIL PROTECTED] Unsubscribe/Suspend/Etc -> http://www.linux-sxs.org/mailman/listinfo/linux-users
