> > > So the hacker installed his own kernel.
> > yup.. to be exact.. installed his own kernel extension on the fly thru
> /dev/kmem...
>

I was able to read more about this through the link below:
http://www.la-samhna.de/library/rootkits/basics.html

The site also offered a way to check for these rootkits.
http://www.la-samhna.de/library/rootkits/detect.html

> just always prepare for your bios firmware file and reprogram the bios
> before you reinstall the server... with a UPS of course :->

It now makes sense to get a copy of your BIOS before deployment and I guess running md5sums or sha1sums of the one running on your system. Perhaps it would help also if there is a write once chip and using that to store your BIOS or a way to turn off the flashing capabilities of your motherboard.

Holden
_________________________________________________
Philippine Linux Users' Group (PLUG) Mailing List
http://lists.linux.org.ph/mailman/listinfo/plug
Searchable Archives: http://archives.free.net.ph
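
The BIOS baseline check suggested in the message above, as an added example that is not part of the original thread: it records a digest of the pre-deployment firmware copy (SHA-256 is used here in place of the md5sum/sha1sum mentioned) and, on a mismatch, reports which blocks of a later dump differ. The image bytes are constructed sample data, and the 4 KiB block size and all function names are assumptions; reading the dump off the flash chip is left to whatever tool the board supports.

```python
import hashlib

BLOCK = 4096  # assumed comparison granularity (a common flash sector size)

def sha256_hex(image: bytes) -> str:
    return hashlib.sha256(image).hexdigest()

def changed_ranges(baseline: bytes, dump: bytes, block: int = BLOCK):
    """Merged (start, end) byte ranges where the dump differs from the baseline."""
    ranges = []
    longest = max(len(baseline), len(dump))
    for off in range(0, longest, block):
        if baseline[off:off + block] != dump[off:off + block]:
            end = min(off + block, longest)
            if ranges and ranges[-1][1] == off:   # extend an adjacent range
                ranges[-1] = (ranges[-1][0], end)
            else:
                ranges.append((off, end))
    return ranges

def verify(baseline: bytes, recorded_sha256: str, dump: bytes):
    """Compare a fresh dump with the copy and digest taken before deployment."""
    if sha256_hex(baseline) != recorded_sha256:
        return "baseline-altered", []          # the stored copy itself is suspect
    if sha256_hex(dump) == recorded_sha256:
        return "match", []
    return "mismatch", changed_ranges(baseline, dump)

# Constructed sample data: a 64 KiB stand-in for a firmware image.
BASELINE = bytes((i * 7) & 0xFF for i in range(64 * 1024))
RECORDED = sha256_hex(BASELINE)                # stored offline at deployment time
_t = bytearray(BASELINE)
for _off in (0x3004, 0x4100, 0xF000):          # constructed modifications
    _t[_off] ^= 0xFF
TAMPERED = bytes(_t)

if __name__ == "__main__":
    for name, dump in (("clean", BASELINE), ("tampered", TAMPERED)):
        status, ranges = verify(BASELINE, RECORDED, dump)
        print(name, status, [(hex(a), hex(b)) for a, b in ranges])
```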

