Re: Compromised? (Was Re: hard disk access on every keystroke in console mode!)

[Arnt Karlsen <arnt@c2i.net>]

On Tue, 16 Dec 2003 00:44:47 -0500, 
michelle <auto_delete_all_incoming@dynodonalies.com> wrote in message 
<[🔎] brpo40$d0k$1@sea.gmane.org>:

> Tim Connors wrote:
> > 
> > When did it start happening for you?
> > 
> 
> The disks I used were from sarge iso images I got during the
> compromise. I also got some more a few days ago and tried them. Same
> problem. All checksums are fine. No rootkits that I can find. The
> system is not on a network. 

..excellent, leave it off until you _know_ you haven't been tricked into
DL'ing some forged iso's.

..get a knoppix type cd burned and reboot from that, and redo your
md5sum etc checks, if they manage to mess with a knoppix cd so 
it okays bad files without you noticing, these guys are _very_ good.

..and, you wanna check your iso's md5sums against a verified 
debian mirror or somesuch, if you sarge iso's has been faked, 
your md5sums will look "ok" too.

-- 
..med vennlig hilsen = with Kind Regards from Arnt... ;-)
...with a number of polar bear hunters in his ancestry...
  Scenarios always come in sets of three: 
  best case, worst case, and just in case.