Re: My machine compromised?

To: debian-user@lists.debian.org
Subject: Re: My machine compromised?
From: Paul Morgan <paulswm@earthlink.net>
Date: Wed, 03 Dec 2003 06:43:29 -0500
Message-id: <[🔎] pan.2003.12.03.11.43.27.52353@earthlink.net>
References: <[🔎] 1070442213.1327.7.camel@debian>

On Wed, 03 Dec 2003 01:03:34 -0800, Vanh Phom wrote:

> Hi folk,
> After reading on report of servers compromised. Just for curiorsity I
> run chkrootkit on my own machine and come up with this result:
> 
> Searching for anomalies in shell history files... nothing found
> Checking `asp'... not infected
> Checking `bindshell'... not infected
> Checking `lkm'... You have    12 process hidden for readdir command
> You have    12 process hidden for ps command
> Warning: Possible LKM Trojan installed
> Checking `rexedcs'... not found
> Checking `sniffer'... 
> eth0: PROMISC
> 
> Is my machine compromised? How to fix this?
> 
> Vanh

Read "Running chrootkit" in http://www.wiggy.net/debian/developer-securing/

...oh, and try searching the list before posting, this question's been
covered at length over the last few days...

-- 
....................paul


"I think that gay marriage is something that should be between a man and
a woman."

-- Arnold Schwarzenegger, Governor of California

Reply to:

References:
- My machine compromised?
  - From: Vanh Phom <vphom@comcast.net>

Prev by Date: Re: How to post to linux.debian.user
Next by Date: Re: Changes made to /etc/ioctl.save follow
Previous by thread: Re: My machine compromised?
Next by thread: Re: My machine compromised?
Index(es):
- Date
- Thread