on Wed, Dec 03, 2003 at 01:03:34AM -0800, Vanh Phom (vphom@comcast.net) wrote:
> Hi folk,
> After reading a report of servers compromised, just for curiosity I
> ran chkrootkit on my own machine and came up with this result:
>
> Searching for anomalies in shell history files... nothing found
> Checking `asp'... not infected
> Checking `bindshell'... not infected
> Checking `lkm'... You have 12 process hidden for readdir command
> You have 12 process hidden for ps command
> Warning: Possible LKM Trojan installed
> Checking `rexedcs'... not found
> Checking `sniffer'...
> eth0: PROMISC
>
> Is my machine compromised? How to fix this?

12 hidden processes is more than I've typically seen (4).

    # chkrootkit -v lkm

...for more verbose diagnostics.

Peace.

--
Karsten M. Self <kmself@ix.netcom.com> http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Integrity, we've heard of it: http://www.theregister.co.uk/