Rãspuns: Rãspuns: finding hidden processes

["Petre Daniel" <petredaniel@yahoo.com>]

its okay to me.i didn't followed so close your emails and replies,
your system was compromised,or you just suspect that?
is that a permanent online box? can you unplugged it and look closely into
it?
chkrootkit is pretty gewd,but personally i trust only me. *grin*
take care,
Dani.

-----Mesaj original-----
De la: Tarjei Huse [mailto:tarjei@nu.no]
Trimis: Monday, December 03, 2001 1:01 PM
Catre: debian-security@lists.debian.org
Cc: debian-security@lists.debian.org
Subiect: Re: Rãspuns: finding hidden processes


Thanks, I got:
dev_to_tty
tdev
/dev/pts/%s
/dev/%s
/dev/tty%s
/dev/pty%s
/dev/%snsole
Obsolete W option not supported. (You have a /dev/drum?)

Any comments? Does this look ok?

Tarjei

Petre Daniel wrote:
>
> -----Mesaj original-----
> De la: Tarjei Huse [mailto:tarjei@nu.no]
> Trimis: Monday, December 03, 2001 9:15 AM
> Catre: debian-security@lists.debian.org
> Cc: debian-security@lists.debian.org
> Subiect: finding hidden processes
>
> Hi If I run chkproc from the chkrootid package I get:
> You have     3 process hidden for readdir command
> You have     3 process hidden for ps command
>
> How can I find these processes?
> Tarjei
>
> try "strings /bin/ps | grep dev" and if ps is corrupted you will see the
> location
> of the configuration files for the rootkit.go there and look into
them.good
> luck.
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact
> listmaster@lists.debian.org
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com


--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact
listmaster@lists.debian.org


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com