[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: who owns the ports?

On Wed, 7 Feb 2001, Matthias G. Imhof wrote:

> Performing strobe or nmap on my system, I get, e.g., the following list:


It is very likely that your host has been compromised and a rootkit
installed. Do not trust any of the utilities on that host. Instead, boot
off a (trusted) rescue cd with a clean system on it, and check with it. 
Be careful how you take down that computer: I have seen crackers install
background processes that monitor e.g. the connectivity of the computer
and do an "rm -rf /" command if they suspect they have been caught. As
crazy as it sounds, if your computer has indeed been compromised the
safest thing may indeed be to simply cut the power off. Whatever you do,
be careful.



Giacomo Mulas <gmulas@ca.astro.it, gmulas@tiscalinet.it>

Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel.: +39 070 71180 216     Fax : +39 070 71180 222

"When the storms are raging around you, stay right where you are"
                         (Freddy Mercury)

Reply to: