Re: was I cracked? (rpc.statd, new version)
hi ya kath
naw... they always leave some traces of what they did
to your PC...
i think tripwire is an overkill for what you need to know
in 2 minutes... "did they replace my binaries"...
if you think someone came into your box...
i like a simple/stupid solution
tar zcvf /safe_place_off_line/original_binaries.tgz \
/bin /lib /sbin /usr/{bin,sbin,lib} /etc
( it's a quickie test... to compare the current binaries
( against what was the original
if you're still not sure... that they ADDED some of their own
apps .... then run tripwire.... and wait and wait..
but then you'd have an answer if you have a good tripwire db going
dozen different ways to identify if they got in and what they
changed... choose your preferred way...
c ua
alvin
On Wed, 11 Jul 2001, kath wrote:
> You can check for modified binaries with tripwire.
>
> If this was a decent hacker or even a script kiddie using a good tool, they
> probably would have purged your logs of all evidence.
>
> So either:
>
> a) They are second rate
> or
> b) They didn't get in
>
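
The comparison step described in the reply above, as an added example that is not part of the original post: it unpacks the offline baseline into scratch space, reports files that changed or went missing, and goes one step further by listing entries that now sit in an archived directory but were never in the baseline. The function name `compare_baseline` and the output labels are made up for this sketch; it assumes GNU tar (leading "/" stripped from member names) and a find that supports -mindepth/-maxdepth.

```shell
#!/bin/sh
# Added example, not from the original thread.
# Usage: compare_baseline /safe_place_off_line/original_binaries.tgz [root]
compare_baseline() {
    archive=$1
    root=${2:-/}
    work=$(mktemp -d) || return 2
    mkdir "$work/tree"
    # Unpack the trusted copy into scratch space, never over the live system.
    tar -xzf "$archive" -C "$work/tree" || { rm -rf "$work"; return 2; }
    # Member list straight from the archive; directory members end in "/".
    tar -tzf "$archive" > "$work/members"

    # Pass 1: every baseline file must still exist and be byte-identical.
    # Symlinks are skipped so an absolute link cannot point back at the live tree.
    while IFS= read -r m; do
        [ -f "$work/tree/$m" ] && [ ! -L "$work/tree/$m" ] || continue
        if [ ! -e "$root/$m" ]; then
            echo "MISSING $m"
        elif ! cmp -s "$work/tree/$m" "$root/$m"; then
            echo "CHANGED $m"
        fi
    done < "$work/members"

    # Pass 2: entries now present in an archived directory but absent from the baseline.
    sed 's|/$||' "$work/members" | LC_ALL=C sort -u > "$work/base"
    grep '/$' "$work/members" | sed 's|/$||' | while IFS= read -r d; do
        if [ -d "$root/$d" ]; then
            (cd "$root" && find "$d" -mindepth 1 -maxdepth 1)
        fi
    done | LC_ALL=C sort -u > "$work/live"
    LC_ALL=C comm -13 "$work/base" "$work/live" | sed 's/^/ADDED /'

    rm -rf "$work"
}
```

Run it as root so unreadable files are not reported as CHANGED, and expect legitimate edits under /etc to show up alongside anything suspicious.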