you could always compare the MD5 checksums of any critical
binaries with the checksums of the pristine files on your
distro CD, if you have one. It could be a learning experience. :)
Then, if you care a lot about break ins, you could set up a network
server to copy the MD5 checksums to each night. This is essentially
what tripwire does. Of course, this is just for the security
enthusiast.
Also, there is some app that checks your box for the trojans
that have been used for the denial of service attacks. Most
likely, anything left behind on your machine would be a program
to use your box to flood some server somewhere, since this is
all teh rage nowadays. (unfortunately)
Moral: reinstall if you care.
Dave
On Mon, 20 Mar 2000 [EMAIL PROTECTED] wrote:
> On Sun, Mar 19, 2000 at 09:23:02PM -0600, Dimon wrote:
> > i got an IRC intrusion recently...
> > i have never dealt with that before so im curious how to secure my system
> > and get rid of everything that person did to my box.
> > is there any possibility that he infected any of my binaries... or just
> > put some trojan in my runlevels or mbr or anything...
>
> unless you use tripwire or aide, it will be easier to reinstall the os
> from scratch than figure out what the person may have done if you had
> a root compromise.
---------------------------------------------------------------------------
Send administrative requests to [EMAIL PROTECTED]
