Re: Compromised? (Was Re: hard disk access on every keystroke in console mode!)
On Tue, 16 Dec 2003 00:44:47 -0500,
michelle <auto_delete_all_incoming@dynodonalies.com> wrote in message
<[🔎] brpo40$d0k$1@sea.gmane.org>:
> Tim Connors wrote:
> >
> > When did it start happening for you?
> >
>
> The disks I used were from sarge iso images I got during the
> compromise. I also got some more a few days ago and tried them. Same
> problem. All checksums are fine. No rootkits that I can find. The
> system is not on a network.
..excellent, leave it off until you _know_ you haven't been tricked into
DL'ing some forged iso's.
..get a knoppix type cd burned and reboot from that, and redo your
md5sum etc checks, if they manage to mess with a knoppix cd so
it okays bad files without you noticing, these guys are _very_ good.
..and, you wanna check your iso's md5sums against a verified
debian mirror or somesuch, if you sarge iso's has been faked,
your md5sums will look "ok" too.
--
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
Scenarios always come in sets of three:
best case, worst case, and just in case.
Reply to: