I have a compromised RH73 machine. Until such time as I can pull it down, what can I do to identify and shut down any rogue processes/backdoors?

BDC scan identified:

----
BDC/Linux-Console v7.0 (build 2492) (i386) (Dec 11 2003 13:24:00)
Copyright (C) 1996-2003 SOFTWIN SRL. All rights reserved.

/var/tmp/mremap_pte  infected: Linux.OSF.8759
...(several more)
/var/tmp/tlsd.pl  infected: Backdoor.Perl.Termapp.A
...
* packed with (Upx)
* packed with (ExePack 3.69)
* packed with (ExePack 3.69)
----

Additionally, there were baddies in and below /tmp.

I've removed all the baddies, but I expect there will be some open ports. Is there a way to shut them in the interim period till I can get to the machine?

--
Voytek

--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
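As an added example (not part of the original post or of any reply on the list), here is a first-pass triage script for exactly this situation: list every listening socket, flag the ones the host is not supposed to have, look at where the owning process was really started from via /proc, and optionally kill it and drop its port with iptables until the box can be pulled. It assumes a Linux /proc, the net-tools netstat that ships with RH 7.3 (with -p support), root for the PID column and for killing, and that the EXPECTED_PORTS list is tuned to the host. The PIDs, netstat output and /proc/net/tcp excerpt embedded below are constructed for illustration, not taken from the poster's machine.

```shell
#!/bin/sh
# Added example (not from the original post): first-pass triage of listening
# sockets on a live, possibly rootkitted box. Assumes a Linux /proc, the
# net-tools netstat of RH 7.3, root for the -p column and for killing, and
# that EXPECTED_PORTS is tuned to what this host should serve.

# Ports this host is supposed to listen on (assumption: adjust per host).
EXPECTED_PORTS="22 80 123"

# Read `netstat -lntup` output on stdin; print "proto port pid/program" for
# every listener whose port is not in the expected list.
unexpected_listeners() {
    awk -v expected="$1" '
        BEGIN { n = split(expected, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^(tcp|udp)/ {
            port = $4; sub(/.*:/, "", port)        # local addr is "addr:port"; keep the port
            if (!(port in ok)) print $1, port, $NF # $NF is PID/Program ("-" if hidden)
        }'
}

# Cross-check that bypasses the netstat binary: read /proc/net/tcp (or udp)
# on stdin and print the decimal port of every socket in LISTEN state (st 0A).
# Ports are hex in that file, e.g. 0016 is 22.
listening_ports_from_proc() {
    while read -r sl local rem st rest; do
        [ "$st" = "0A" ] || continue
        echo $((0x${local##*:}))
    done
}

# Return 0 if a path is where backdoors get dropped, or if the binary was
# unlinked after starting (the "(deleted)" suffix readlink shows on /proc/PID/exe).
suspicious_path() {
    case "$1" in
        /tmp/*|/var/tmp/*|/dev/shm/*|*"(deleted)") return 0 ;;
        *) return 1 ;;
    esac
}

# Show where a PID really lives, without trusting ps.
inspect_pid() {
    pid=$1
    exe=$(readlink "/proc/$pid/exe" 2>/dev/null || echo '?')
    cwd=$(readlink "/proc/$pid/cwd" 2>/dev/null || echo '?')
    cmd=$(tr '\0' ' ' 2>/dev/null < "/proc/$pid/cmdline")
    printf 'pid=%s exe=%s cwd=%s cmd=%s\n' "$pid" "$exe" "$cwd" "$cmd"
}

# Live run. "report" only prints; "kill" also SIGKILLs listeners whose exe or
# cwd is suspicious and drops inbound traffic to their port with iptables.
triage() {
    mode=${1:-report}
    netstat -lntup 2>/dev/null | unexpected_listeners "$EXPECTED_PORTS" |
    while read -r proto port pp; do
        pid=${pp%%/*}
        echo "unexpected $proto listener on port $port: $pp"
        [ "$pid" != "-" ] || continue
        inspect_pid "$pid"
        exe=$(readlink "/proc/$pid/exe" 2>/dev/null)
        cwd=$(readlink "/proc/$pid/cwd" 2>/dev/null)
        if suspicious_path "$exe" || suspicious_path "$cwd"; then
            echo "  -> suspicious origin"
            if [ "$mode" = kill ]; then
                kill -9 "$pid"
                iptables -I INPUT -p "${proto%%[0-9]*}" --dport "$port" -j DROP
            fi
        fi
    done
    echo "LISTEN ports per /proc/net/tcp (compare with netstat above):"
    listening_ports_from_proc < /proc/net/tcp | sort -n | tr '\n' ' '; echo
}

# Constructed sample of `netstat -lntup` output (not real output from the
# poster's machine) so the parser can be exercised without root.
SAMPLE_NETSTAT='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      612/sshd
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      731/httpd
tcp        0      0 0.0.0.0:65000           0.0.0.0:*               LISTEN      1983/perl
udp        0      0 0.0.0.0:123             0.0.0.0:*                           580/ntpd
udp        0      0 0.0.0.0:3049            0.0.0.0:*                           2044/mremap_pte'

# Constructed /proc/net/tcp excerpt: ports 0x0016 (22) and 0xFDE8 (65000) in
# LISTEN; the third line is an ESTABLISHED connection and must be ignored.
SAMPLE_PROC_TCP='  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1411 1 c1a2b000 300 0 0 2 -1
   1: 00000000:FDE8 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4827 1 c1a2b400 300 0 0 2 -1
   2: 0100007F:0016 0100007F:8F2C 01 00000000:00000000 00:00000000 00000000     0        0 4912 1 c1a2b800 20 4 28 10 -1'

# `sh triage.sh --live [report|kill]` works on the real host; with no
# arguments it runs the parsers over the constructed samples.
if [ "${1:-}" = "--live" ]; then
    triage "${2:-report}"
else
    printf '%s\n' "$SAMPLE_NETSTAT" | unexpected_listeners "$EXPECTED_PORTS"
    printf '%s\n' "$SAMPLE_PROC_TCP" | listening_ports_from_proc
fi
```

Two caveats a practitioner would want. First, the /proc/net/tcp cross-check is there because one of the scan hits (Linux.OSF.8759) is an ELF file infector, so netstat, ps and lsof on this host may themselves be lying; if the two lists disagree, trust the disagreement over either tool. Second, an LKM rootkit can hide sockets and processes from /proc as well, so an empty result proves nothing; the iptables DROP and the kill buy time, and pulling the machine and reinstalling from clean media, as the poster already plans, is the only real fix.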
