
Re: Segmentation fault (df)



Greetings,...

On Saturday, 26 February 2005 22:57, BJ Dierkes wrote:

> If you're concerned that you *may* have been hacked, as it is always a
> possibility, I would recommend running Rootkit Hunter (rkhunter) on the box
> as well as the other rootkit checks.

Running rootkit hunters and doing forensics is quite a difficult 
topic.
1st. If you don't have restrictions like lids, it is very hard to find 
rootkits in a compromised system, because they compromise system-routings as 
well, while running.
2nd. If you use Knoppix (or a similar system), information might be deleted 
because of rebooting the system.

If you are able to replace the system with another one, do so. If the data is 
worth the effort, hire some experts to do the investigations (don't reboot 
it, just cut the network connections).
If not, google about forensics, and invest at least 4 hours in reading what 
rootkits and exploits might concern you and how to detect 'em.

(btw. Debian Sarge and Woody should be considered unsafe 'cause different 
vulns exist that the sec team is (practically) unable to fix.)

Keep smiling
yanosz


