
Re: How to detect whether your machine is compromised?



On Fri, Oct 05, 2007 at 09:49:37PM +0530, Raj Kiran Grandhi wrote:
> 
> There is an article on slashdot,
> http://it.slashdot.org/article.pl?sid=07/10/05/1234217&from=rss which 
> says that most of the phishing sites are being run from rootkitted linux 
> boxes. I dunno how accurate their analysis is (the results were not 
> released), however I wonder if there is any way to establish whether a 
> given machine is compromised or not.
> 
> Are there any tools available that one can run on a regular basis? What 
> measures can we take to ensure that we are somehow alerted if our system 
> gets compromised?

There are some packages in Debian that can help.  However, remember that
they have to be run from a known good box.  A rooted box won't tell you
that it's been rooted.

If the article is correct, I wonder what's up with Linux that it's being
rooted.

Doug.
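
An added example, not part of the original message or of any Debian package: one way to act on the "known good box" point is to boot trusted rescue media, mount the suspect disk read-only, and compare its files against a SHA-256 manifest recorded while the machine was clean. The function names `verify_offline` and `demo`, the manifest layout and the sample files are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: check a suspect root filesystem against a baseline manifest
# using only the tools of the trusted system this script runs on.

# verify_offline ROOT MANIFEST
#   ROOT     mount point of the suspect disk (assumed mounted read-only)
#   MANIFEST lines of "<sha256>  <path relative to ROOT>", recorded while the
#            machine was known clean and kept off that machine
# Prints MISSING/SYMLINK/MODIFIED lines; returns 0 only if everything matches.
verify_offline() {
    root=$1 manifest=$2 status=0
    while read -r want path; do
        [ -n "$path" ] || continue
        file="$root/$path"
        if [ -L "$file" ]; then
            # An absolute symlink would resolve against the trusted system,
            # not the suspect disk, so report it instead of following it.
            echo "SYMLINK $path"; status=1
        elif [ ! -f "$file" ]; then
            echo "MISSING $path"; status=1
        else
            # sha256sum is found on the trusted PATH, never under $root.
            have=$(sha256sum < "$file" | cut -d' ' -f1)
            [ "$have" = "$want" ] || { echo "MODIFIED $path"; status=1; }
        fi
    done < "$manifest"
    return "$status"
}

# Constructed sample: a tiny fake root with one file changed after baselining.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/bin"
    echo "original ls" > "$tmp/root/bin/ls"
    echo "original ps" > "$tmp/root/bin/ps"
    ( cd "$tmp/root" && sha256sum bin/ls bin/ps ) > "$tmp/manifest"
    echo "replaced ps" > "$tmp/root/bin/ps"
    verify_offline "$tmp/root" "$tmp/manifest" || echo "discrepancies found"
    rm -rf "$tmp"
}
demo
```

A clean result only covers the files listed in the manifest; files added to the disk after the baseline was taken are not reported by this check.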


