On Wed, Apr 29, 2009 at 10:18 PM, Cupid Soriano <[email protected]> wrote: > Thanks in advance for the effort, fooler. Here you go: > # strace mkdir 123 > umask(0) = 022 > umask(022) = 0 > mkdir("123", 0777) = -1 ENOENT (No such file or directory) > stat64("123", 0xbfef3800) = -1 ENOENT (No such file or directory)
your box infected by one of the variants of LKM rootkit... the link below will give you an idea... http://forums.techwatch.com.au/viewtopic.php?f=22&t=5823 there are other variants as stealthy as possible... they wont give you an error if you mkdir <numeric name>... fooler. + there are no such thing as 100% bullet proof security system... only layers of defense... _________________________________________________ Philippine Linux Users' Group (PLUG) Mailing List http://lists.linux.org.ph/mailman/listinfo/plug Searchable Archives: http://archives.free.net.ph
