
Re: How to detect whether your machine is compromised?

On 10/5/07, Raj Kiran Grandhi <grajkiran@gmail.com> wrote:
> Hi,
> There is an article on slashdot,
> http://it.slashdot.org/article.pl?sid=07/10/05/1234217&from=rss which
> says that most of the phishing sites are being run from rootkitted linux
> boxes. I dunno how accurate their analysis is (the results were not
> released), however I wonder if there is any way to establish whether a
> given machine is compromised or not.
> Are there any tools available that one can run on a regular basis? What
> measures can we take to ensure that we are somehow alerted if our system
> gets compromised?

Maybe running tcpdump, and then "read" the capture to see anything
that should not be there.

Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."

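One way to do the "read the capture" step suggested in the reply above, added here as an example and not part of the original message: summarise `tcpdump -nn` output and list only the flows whose ports are not on an allowlist of services the machine is expected to use. The function names, the allowlist, the interface name and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. Capture first (needs root; interface name is an assumption):
#   tcpdump -nn -i eth0 -w /tmp/cap.pcap
# then read it back:
#   tcpdump -nn -r /tmp/cap.pcap | unexpected_flows "22 53 80 443"

# unexpected_flows "PORT PORT ..."
# Reads `tcpdump -nn` text on stdin and prints "packets src > dst" for each
# IPv4 TCP/UDP flow direction where neither port is on the allowlist.
unexpected_flows() {
    LC_ALL=C awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $2 == "IP" && $4 == ">" {
        src = $3; dst = $5; sub(/:$/, "", dst)
        # addr.port has five dot-separated parts; ICMP and friends have four
        if (split(src, s, ".") != 5 || split(dst, d, ".") != 5) next
        if ((s[5] in ok) || (d[5] in ok)) next
        seen[src " > " dst]++
    }
    END { for (k in seen) print seen[k], k }' | LC_ALL=C sort -k2
}

# Constructed sample of `tcpdump -nn` output (documentation address ranges):
# SSH and DNS traffic that is expected, plus a listener on port 8081 that is not.
sample_capture() {
    cat <<'EOF'
12:00:01.000001 IP 198.51.100.7.51234 > 192.0.2.10.22: Flags [P.], seq 1:37, ack 1, win 501, length 36
12:00:01.000200 IP 192.0.2.10.22 > 198.51.100.7.51234: Flags [.], ack 37, win 509, length 0
12:00:02.100000 IP 192.0.2.10.40022 > 192.0.2.53.53: 4242+ A? example.org. (29)
12:00:03.500000 IP 203.0.113.5.49888 > 192.0.2.10.8081: Flags [S], seq 1000, win 64240, length 0
12:00:03.500100 IP 192.0.2.10.8081 > 203.0.113.5.49888: Flags [S.], seq 2000, ack 1001, win 65160, length 0
12:00:03.500900 IP 203.0.113.5.49888 > 192.0.2.10.8081: Flags [.], ack 1, win 502, length 0
12:00:04.000000 IP 192.0.2.10 > 198.51.100.7: ICMP echo request, id 1, seq 1, length 64
EOF
}

# Stand-alone run on the sample: only the port 8081 conversation is listed.
sample_capture | unexpected_flows "22 53 80 443"
```

A rootkit on the suspect machine can hide its own traffic from a local tcpdump, so a capture taken from another host on the path (a gateway or a mirrored switch port) is the more trustworthy input.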