One way is to check whether the process is running or not. It is possible that ps and
netstat may be compromised, possibly even login. What you can do is get these
files from another uncompromised system and run them.

One telltale sign when you do netstat or ps is that some of the connections may
not show up.

Also, check all your files in rc.d -- if a hacker installed something, he
might want it to be executed every time you reboot -- so it is supposed to show
up somewhere in that directory.

On 30 Aug 01 at 20:09, Rino Mardo wrote:
> if it has been left unattended online (even with a firewall) it could
> have been compromised. and yes the only way to make sure that there are
> no trojans there is to disconnect it from the network, reformat and
> reinstall.
>
> even if there are sniffer sniffers out there, there are sniffer
> anti-sniffers too like dsniff (thanks to people like dugsong who
> demonstrated that even a switch or snort is foolproof).
>
> so better safe than sorry. reformat.
>
>
>
> ----- Original Message -----
> From: Fritz Mesedilla <[EMAIL PROTECTED]>
> To: PLUG Mailing List <[EMAIL PROTECTED]>
> Sent: Thursday, August 30, 2001 5:30 PM
> Subject: [plug] please help with majordomo
>
>
> > hi!
> > i was given a server with majordomo that is online.
> > now they want it to be secured by reformatting it.
> >
> > because we don't know whether it may already have been broken into,
> > and someone has left a sniffer or whatever.
> >
> > is reformatting it the only way to secure it?
> > is there a tool that can check for sniffers?
> >
> > it would really help a lot if you can give me advice.
> > thanks.
> >
> > Fritz Mesedilla
> > Systems Administrator
> >
> > Summit Interactive, Inc.
> > FHM | Seventeen | Candy | Cosmopolitan | Preview | Good Housekeeping
> > femalenetwork.com | candymag.com | fhm.com.ph | cosmo.com.ph
> >
> > Palm Pilot Software: TVSked - Download from the link below
> > http://mesedilla.tripod.com
> > +As long as it's You, Lord
> >
> > _
> > Philippine Linux Users Group. Web site and archives at
> > http://plug.linux.org.ph To leave: send "unsubscribe" in the body
> > to [EMAIL PROTECTED]
> >
> To subscribe to the Linux Newbies' List: send "subscribe" in the body
> to [EMAIL PROTECTED]
>
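The first reply says a tampered netstat may leave some connections out. The following is an added example, not part of the original thread: it compares the kernel's socket table in /proc/net/tcp with `netstat -tan` output and lists sockets that netstat omits. The function names and both sample inputs are constructed for illustration, and IPv4 on a little-endian host is assumed.

```python
import socket
import struct

def _decode(hex_addr):
    """'0100007F:0019' -> '127.0.0.1:25' (IPv4, little-endian host assumed)."""
    ip_hex, port_hex = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return f"{ip}:{int(port_hex, 16)}"

def kernel_sockets(proc_net_tcp):
    """Parse /proc/net/tcp text into a set of (local, remote) pairs."""
    pairs = set()
    for line in proc_net_tcp.splitlines():
        fields = line.split()
        # Data rows start with a slot number such as '0:'; the header does not.
        if len(fields) >= 4 and fields[0].endswith(":"):
            pairs.add((_decode(fields[1]), _decode(fields[2])))
    return pairs

def netstat_sockets(netstat_out):
    """Parse `netstat -tan` text into the same (local, remote) form."""
    pairs = set()
    for line in netstat_out.splitlines():
        fields = line.split()
        if len(fields) >= 5 and fields[0] == "tcp":
            # netstat prints a listener's peer as 0.0.0.0:*, the kernel as port 0.
            pairs.add((fields[3], fields[4].replace(":*", ":0")))
    return pairs

def hidden_from_netstat(proc_net_tcp, netstat_out):
    """Sockets the kernel reports that the netstat output does not show."""
    return sorted(kernel_sockets(proc_net_tcp) - netstat_sockets(netstat_out))

# Constructed sample: the kernel lists three listeners, netstat shows two.
SAMPLE_PROC = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1340
   2: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 2077
"""
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
"""

if __name__ == "__main__":
    for local, remote in hidden_from_netstat(SAMPLE_PROC, SAMPLE_NETSTAT):
        print(f"not shown by netstat: {local} -> {remote}")
```

On a live host the two snapshots are taken at slightly different moments, so short-lived connections can appear as differences. A kernel-level rootkit can also filter /proc, so an empty result does not prove the system is clean.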