
Re: How to tell if a Linux machine is a zombie?

Russell L. Harris wrote:
> Yesterday I read another article bemoaning the large number of Window$
> machines which have been commandeered remotely and turned into
> spam-spewing zombies.
>
> If I understand the matter correctly, a firewall can protect only
> against incoming messages, and is useless against spyware which
> "phones home" or zombie-ware which spews email spam.
>
> So, before I preach about the dangers of spyware and zombies to my
> buddies using Window$, how can I be certain that my own Debian machine
> has not been compromised and has not become a zombie?  Is there a
> simple test which I can run on a weekly basis?
>
> My LAN is protected by a machine running SmoothWall Express 2.0,
> acting as a firewall and router.  Would an internal firewall package be
> useful in this environment?

Thanks to this list I recently learned of two useful utilities, namely rkhunter and chkrootkit, that should be what you are looking for. I have been using Debian (and Linux) for a short time (8 months now) so please take my advice with a grain of salt before some of the gurus of the list confirm what I suggested.
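
One way to script the weekly check asked about in this thread, as an added example that is not part of the original messages: it runs chkrootkit and rkhunter when they are installed and also lists established outbound connections to port 25. The function names and sample input are constructed here, and it assumes a workstation (not a mail server) with iproute2's `ss` available.

```shell
#!/bin/sh
# Weekly "am I a zombie?" sweep (added example; function names are made up here).

# Keep only the lines a human must review: chkrootkit marks hits "INFECTED"
# (clean items read "not infected", lowercase); rkhunter prefixes "Warning:".
filter_findings() {
    grep -E 'INFECTED|Warning:' || true
}

# From `ss -tn` output on stdin, print peers of established connections to
# remote port 25. Assumption: this host is a workstation, not a mail server.
outbound_smtp() {
    awk '$1 == "ESTAB" && $5 ~ /:25$/ { print $5 }'
}

# Run whichever scanners are installed (needs root for full coverage).
run_scanners() {
    if command -v chkrootkit >/dev/null 2>&1; then
        chkrootkit 2>&1
    fi
    if command -v rkhunter >/dev/null 2>&1; then
        rkhunter --check --skip-keypress --report-warnings-only 2>&1
    fi
}

# Returns 0 when nothing was flagged, 1 otherwise; cron mails any output.
weekly_sweep() {
    findings=$(run_scanners | filter_findings)
    smtp=$(ss -tn 2>/dev/null | outbound_smtp)
    [ -z "$findings" ] && [ -z "$smtp" ] && return 0
    echo "Review needed on $(hostname):"
    [ -n "$findings" ] && echo "$findings"
    [ -n "$smtp" ] && echo "Outbound SMTP to: $smtp"
    return 1
}

# Constructed sample input, not captured from a real machine.
SAMPLE_SCAN="Checking \`ls'... not infected
Checking \`bindshell'... INFECTED (PORTS:  465)
Warning: Hidden directory found: /dev/.static"
SAMPLE_SS="State Recv-Q Send-Q Local Address:Port Peer Address:Port
ESTAB 0 0 192.168.1.10:51234 203.0.113.5:25
ESTAB 0 0 192.168.1.10:40022 198.51.100.7:443"

if [ "${1:-}" = "--run" ]; then weekly_sweep; fi
```

Run it as root with `--run` from a weekly cron job. A quiet result is not proof of a clean machine, because a rootkit can tamper with the system tools these scanners rely on.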

