Re: My machine compromised?
great tool ... never knew it existed until this post.
At Wednesday, 3 December 2003, "Karsten M. Self" <kmself@ix.netcom.
com> wrote:
>on Wed, Dec 03, 2003 at 01:03:34AM -0800, Vanh Phom (vphom@comcast.
net) wrote:
>> Hi folk,
>> After reading on report of servers compromised. Just for curiorsity I
>> run chkrootkit on my own machine and come up with this result:
>>
>> Searching for anomalies in shell history files... nothing found
>> Checking `asp'... not infected
>> Checking `bindshell'... not infected
>> Checking `lkm'... You have 12 process hidden for readdir command
>> You have 12 process hidden for ps command
>> Warning: Possible LKM Trojan installed
>> Checking `rexedcs'... not found
>> Checking `sniffer'...
>> eth0: PROMISC
>>
>> Is my machine compromised? How to fix this?
>
>12 hidden processes is more than I've typically seen (4).
>
> # chkrootkit -v lkm
>
>...for more verbose diagnostics.
>
>Peace.
>
>--
>Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.
netcom.com/
> What Part of "Gestalt" don't you understand?
> Integrity, we've heard of it: http://www.theregister.co.uk/
>
>Attached file
>Save attachment
>View attachment as text
> Name: attachment.38
> Type: application/pgp-signature
>
>
Reply to: