Re: Segmentation fault (df)
Greetings,...
Am Samstag, 26. Februar 2005 22:57 schrieb BJ Dierkes:
> If your concirned that you *may* have been hacked, as it is always a
> possibility, I would recommend running Rootkit Hunter (rkhunter) on the box
> as well as the other rootkit checks.
running rootkit hunters and doing forensics hunters it quite a difficult
topic.
1st. If you don't have restrictions like lids, it is very hard to find
rootkits in a compromised systems, because they compromise system-routings as
well, while running.
2nd. If you use Knoppix (or a simular systems) information might be deleted
because of rebooting the system.
If you are able to replace the system by another one, do so. If the data is
worth the effort hire some experts doing the investigations, (don't reboot
it, just cut the network connections).
If not, google about forensices, and invest at least 4 hours in reading, what
rootkits, exploit might concern you and how to detect 'em.
(btw. Debian Sarge and Woody should be considered as unsafe 'cause different
vulns exists, the sec team is (pratically) unable to fix.)
Keep smiling
yanosz
Reply to: