Re: finding a process that bind a spcific port

To: debian-security@lists.debian.org
Subject: Re: finding a process that bind a spcific port
From: Nicolas Rachinsky <deb-security-1@ml.turing-complete.org>
Date: Thu, 23 Jan 2014 09:16:54 +0100
Message-id: <[🔎] 20140123081654.GA69378@mid.pc5.i.0x5.de>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] CAE7pJ3BX6oYNDGFL0KCkNYFVMJXA+yD1eAeE4nbwpjiT5oQQ_Q@mail.gmail.com>
References: <[🔎] B0AA26B538DD4C15884CB658AD15788D@NicoPC> <[🔎] CAOuLD1VDeSKWOZ0D8A_ctpwKa4Ee_L-u1W8JExNqWqOR8=KuRw@mail.gmail.com> <[🔎] 4B18893A2FC54051A966F3C5AA4D48AC@NicoPC> <[🔎] 201401221100.48230.mmucciolo@suteba.org.ar> <[🔎] CAE7pJ3BX6oYNDGFL0KCkNYFVMJXA+yD1eAeE4nbwpjiT5oQQ_Q@mail.gmail.com>

* emmanuel segura <emi2fast@gmail.com> [2014-01-22 15:06 +0100]:
> if you think you are been hacked, you can use ps, lsof and others commands
> from other not hacked server, for example scp goodserver:/bin/ps /tmp/ps
> and use /tmp/ps, this isn't secure, because maybe the attacker installed
> one rootkit

If you have used the password for goodserver, then the attacker may
now have this as well. Or the passphrase to your key. If you do not
need any of these, the goodserver might not be that good.

Nicolas

Reply to:

References:
- Re: finding a process that bind a spcific port
  - From: "Nico Angenon" <nico@creaweb.fr>
- Re: finding a process that bind a spcific port
  - From: Lesley Binks <lesley.binks@gmail.com>
- Re: finding a process that bind a spcific port
  - From: "Nico Angenon" <nico@creaweb.fr>
- Re: finding a process that bind a spcific port
  - From: Matias Mucciolo <mmucciolo@suteba.org.ar>
- Re: finding a process that bind a spcific port
  - From: emmanuel segura <emi2fast@gmail.com>

Prev by Date: Re: finding a process that bind a spcific port
Next by Date: Re: NSA software in Debian
Previous by thread: Re: finding a process that bind a spcific port
Next by thread: Re: finding a process that bind a spcific port
Index(es):
- Date
- Thread