
Re: My machine compromised?



Great tool ... never knew it existed until this post.

At Wednesday, 3 December 2003, "Karsten M. Self" <kmself@ix.netcom.com> wrote:

>on Wed, Dec 03, 2003 at 01:03:34AM -0800, Vanh Phom (vphom@comcast.net) wrote:
>> Hi folk,
>> After reading a report of servers compromised. Just for curiosity I
>> ran chkrootkit on my own machine and came up with this result:
>> 
>> Searching for anomalies in shell history files... nothing found
>> Checking `asp'... not infected
>> Checking `bindshell'... not infected
>> Checking `lkm'... You have    12 process hidden for readdir command
>> You have    12 process hidden for ps command
>> Warning: Possible LKM Trojan installed
>> Checking `rexedcs'... not found
>> Checking `sniffer'... 
>> eth0: PROMISC
>> 
>> Is my machine compromised? How to fix this?
>
>12 hidden processes is more than I've typically seen (4).
>
>    # chkrootkit -v lkm
>
>...for more verbose diagnostics.
>
>Peace.
>
>-- 
>Karsten M. Self <kmself@ix.netcom.com>        http://kmself.home.netcom.com/
> What Part of "Gestalt" don't you understand?
>   Integrity, we've heard of it:  http://www.theregister.co.uk/
>