Re: who owns the ports?

To: "Matthias G. Imhof" <mgi@VT.EDU>
Cc: debian-security@lists.debian.org
Subject: Re: who owns the ports?
From: Giacomo Mulas <gmulas@ca.astro.it>
Date: Thu, 8 Feb 2001 10:57:14 +0100 (CET)
Message-id: <Pine.LNX.4.21.0102081050520.1879-100000@capitanata.ca.astro.it>
In-reply-to: <3A81BCB8.F30B69E1@VT.EDU>

On Wed, 7 Feb 2001, Matthias G. Imhof wrote:

> Performing strobe or nmap on my system, I get, e.g., the following list:

(omissis)

It is very likely that your host has been compromised and a rootkit
installed. Do not trust any of the utilities on that host. Instead, boot
off a (trusted) rescue cd with a clean system on it, and check with it. 
Be careful how you take down that computer: I have seen crackers install
background processes that monitor e.g. the connectivity of the computer
and do an "rm -rf /" command if they suspect they have been caught. As
crazy as it sounds, if your computer has indeed been compromised the
safest thing may indeed be to simply cut the power off. Whatever you do,
be careful.

Bye
Giacomo

_________________________________________________________________

Giacomo Mulas <gmulas@ca.astro.it, gmulas@tiscalinet.it>
_________________________________________________________________

OSSERVATORIO  ASTRONOMICO
Str. 54, Loc. Poggio dei Pini * 09012 Capoterra (CA)

Tel.: +39 070 71180 216     Fax : +39 070 71180 222
_________________________________________________________________

"When the storms are raging around you, stay right where you are"
                         (Freddy Mercury)
_________________________________________________________________

Reply to:

References:
- who owns the ports?
  - From: "Matthias G. Imhof" <mgi@VT.EDU>

Prev by Date: Re: who owns the ports?
Next by Date: Re: who owns the ports?
Previous by thread: Re: who owns the ports?
Next by thread: Re: who owns the ports?
Index(es):
- Date
- Thread