On Thursday 07 November 2002 12:39 am, Leon Brooks wrote:
On Thursday 07 November 2002 11:57 am, Salane wrote:
is this a problem with chkrootkit or with nfs
Do an lsattr in (/usr)/(s)bin and check for funny attributes, just in case.
One of the features of many rootkits is subverting tools
On Thursday 07 November 2002 08:10 pm, Salane wrote:
On Thursday 07 November 2002 12:39 am, Leon Brooks wrote:
On Thursday 07 November 2002 11:57 am, Salane wrote:
is this a problem with chkrootkit or with nfs
Do an lsattr in (/usr)/(s)bin and check for funny attributes, just in
case.
On Thursday 07 November 2002 07:27 am, Leon Brooks wrote:
On Thursday 07 November 2002 08:10 pm, Salane wrote:
On Thursday 07 November 2002 12:39 am, Leon Brooks wrote:
On Thursday 07 November 2002 11:57 am, Salane wrote:
is this a problem with chkrootkit or with nfs
Do an lsattr
chkrootkit
snip
Checking `asp'... not infected
Checking `bindshell'... INFECTED (PORTS: 1008)
Checking `lkm'... nothing detected
Checking `rexedcs'... not found
Checking `sniffer'... Checking `wted'... nothing deleted
Checking `scalper'... not infected
Checking `slapper'... not infected
Checking
On Thursday 07 November 2002 11:57 am, Salane wrote:
is this a problem with chkrootkit or with nfs
Do an lsattr in (/usr)/(s)bin and check for funny attributes, just in case.
One of the features of many rootkits is subverting tools like netstat. In
fact, I discovered one the other day because