Re: check for root kit

To: debian-user@lists.debian.org
Subject: Re: check for root kit
From: ben <benfoley@rcn.com>
Date: Tue, 16 Apr 2002 22:43:13 -0700
Message-id: <[🔎] E16xiDq-0000mU-00@benzone.com>
In-reply-to: <[🔎] 20020423143105.GA5198@campbell-lange.net>
References: <[🔎] 20020423143105.GA5198@campbell-lange.net>

On Tuesday 23 April 2002 07:31 am, Rory Campbell-Lange wrote:
> There is a very small possibility that someone has intruded into our
> network. I would like to test my 3 woody machines for possible root
> kits. What is the best way of doing this? Should I check the md5sum of
> programs such as find, ps and ifconfig against the packaged versions?
>
> Also, is there any way of checking for a kernel module type root kit?
>

i understand that you probably want to keep info about the potential 
compromise to yourself, right now, but a consequence of your reticence in 
offering detail is that you haven't given us a lot to work with. can you 
share with us the reason for your suspicion? how the possible compromise was 
achieved is always a big clue towards appropriate defense.

ben

-- 
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org 
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

References:
- check for root kit
  - From: Rory Campbell-Lange <rory@campbell-lange.net>

Prev by Date: Re: Emacs advice,what to install?
Next by Date: Re: Intermittent System Lockup (long)
Previous by thread: Re: check for root kit
Next by thread: Re: check for root kit
Index(es):
- Date
- Thread