Re: [gentoo-user] Re: Rooted/compromised Gentoo, seeking advice

2010-08-10 Thread Kyle Bader
> > Another idea to help with your forensics would be to bring a netstat and
> > lsof binary over to your machine and run them to see which actors are running
> > and trying to get out. That could help you detect what is running on that
> > machine and google your way from there. If your kernel

Re: [gentoo-user] Re: Rooted/compromised Gentoo, seeking advice [Solved?]

2010-08-10 Thread Neil Bothwick
On Tue, 10 Aug 2010 01:10:37 -0500, Paul Hartman wrote:

> Second, the problem of chkrootkit telling me "find" and "netstat" were
> INFECTED, in big scary upper-case letters. The files appear to be
> genuine,

chkrootkit hasn't been updated in over a year, a bit scary for a malware scanner.

> I th

[gentoo-user] Re: Rooted/compromised Gentoo, seeking advice [Solved?]

2010-08-09 Thread Paul Hartman
On Mon, Aug 9, 2010 at 11:25 AM, Paul Hartman wrote:

> Hi, today when working remotely I ran nethogs and noticed suspicious
> network traffic coming from my home gentoo box. It was very low
> traffic (less than 1KB/sec bandwidth usage) but according to nethogs
> it was between a root user process

Re: [gentoo-user] Re: Rooted/compromised Gentoo, seeking advice

2010-08-09 Thread Mick
On Monday 09 August 2010 19:59:11 7v5w7go9ub0o wrote:

> On 08/09/10 12:25, Paul Hartman wrote:
> []
> > If anyone has advice on what I should look at forensically to
> > determine the cause of this, it is appreciated. I'll first dig into
> > the logs, bash history etc. and really hope that this

Re: [gentoo-user] Re: Rooted/compromised Gentoo, seeking advice

2010-08-09 Thread Paul Hartman
On Mon, Aug 9, 2010 at 1:59 PM, 7v5w7go9ub0o <7v5w7go9u...@gmail.com> wrote:

> On 08/09/10 12:25, Paul Hartman wrote:
> []
>> If anyone has advice on what I should look at forensically to
>> determine the cause of this, it is appreciated. I'll first dig into
>> the logs, bash history etc. and reall

[gentoo-user] Re: Rooted/compromised Gentoo, seeking advice

2010-08-09 Thread 7v5w7go9ub0o
On 08/09/10 12:25, Paul Hartman wrote:
[]
> If anyone has advice on what I should look at forensically to
> determine the cause of this, it is appreciated. I'll first dig into
> the logs, bash history etc. and really hope that this very happened
> recently.
>
> Thanks for any tips and wish me good