
Re: How to detect whether your machine is compromised?



On 10/5/07, Raj Kiran Grandhi <grajkiran@gmail.com> wrote:
> Hi,
>
> There is an article on slashdot,
> http://it.slashdot.org/article.pl?sid=07/10/05/1234217&from=rss which
> says that most of the phishing sites are being run from rootkitted linux
> boxes. I dunno how accurate their analysis is (the results were not
> released), however I wonder if there is any way to establish whether a
> given machine is compromised or not.
>
> Are there any tools available that one can run on a regular basis? What
> measures can we take to ensure that we are somehow alerted if our system
> gets compromised?

Maybe running tcpdump, and then "read" the capture to see anything
that should not be there.

-- 
Guillermo Garron
"Linux IS user friendly... It's just selective about who its friends are."
http://feeds.feedburner.com/go2linux
http://www.go2linux.org
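
One way to "read" a capture as suggested above, as an added example that is not part of the original message: it scans the text printed by `tcpdump -nn -r capture.pcap` and reports TCP handshakes sent by the checked host that fall outside an allowlist. The host address, both port allowlists and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Assumed values for this sketch: the checked host's address and the ports
# it is supposed to serve and to contact. Replace with your own.
LOCAL_IP = "192.0.2.10"
EXPECTED_LISTEN = {22, 80}
EXPECTED_OUTBOUND = {53, 80, 443}

# TCP lines as printed by `tcpdump -nn -r capture.pcap` (IPv4 only).
LINE = re.compile(
    r"IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]+)\]"
)

def unexpected_flows(lines):
    """Count handshakes sent by LOCAL_IP that fall outside the allowlists."""
    found = Counter()
    for line in lines:
        m = LINE.search(line)
        if not m or m["src"] != LOCAL_IP:
            continue
        sport, dport = int(m["sport"]), int(m["dport"])
        if m["flags"] == "S." and sport not in EXPECTED_LISTEN:
            # SYN-ACK from us: a service is accepting connections on sport.
            found[("listener", m["dst"], sport)] += 1
        elif m["flags"] == "S" and dport not in EXPECTED_OUTBOUND:
            # SYN from us: this host opened a connection to an unusual port.
            found[("outbound", m["dst"], dport)] += 1
    return found

# Constructed sample lines, not taken from a real capture.
SAMPLE = """\
12:00:01.000001 IP 198.51.100.7.40112 > 192.0.2.10.22: Flags [S], seq 100, win 64240, length 0
12:00:01.000050 IP 192.0.2.10.22 > 198.51.100.7.40112: Flags [S.], seq 200, ack 101, win 65160, length 0
12:00:05.100000 IP 203.0.113.9.51000 > 192.0.2.10.31337: Flags [S], seq 300, win 64240, length 0
12:00:05.100040 IP 192.0.2.10.31337 > 203.0.113.9.51000: Flags [S.], seq 400, ack 301, win 65160, length 0
12:00:09.000000 IP 192.0.2.10.45000 > 203.0.113.50.6667: Flags [S], seq 500, win 64240, length 0
12:00:09.500000 IP 192.0.2.10.45002 > 198.51.100.20.443: Flags [S], seq 600, win 64240, length 0
12:00:12.000000 IP 192.0.2.10.45004 > 203.0.113.50.6667: Flags [S], seq 700, win 64240, length 0
""".splitlines()

if __name__ == "__main__":
    for (kind, peer, port), n in sorted(unexpected_flows(SAMPLE).items()):
        print(f"{kind:9} port {port:<5} peer {peer} x{n}")
```

A capture taken from a separate machine or a mirror port is more trustworthy than one taken on the host being checked, since a rootkit can tamper with what local tools report.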


