Re: How to detect whether your machine is compromised?
On 10/5/07, Raj Kiran Grandhi <email@example.com> wrote:
> There is an article on slashdot,
> http://it.slashdot.org/article.pl?sid=07/10/05/1234217&from=rss which
> says that most of the phishing sites are being run from rootkitted linux
> boxes. I dunno how accurate their analysis is (the results were not
> released), however I wonder if there is any way to establish whether a
> given machine is compromised or not.
> Are there any tools available that one can run on a regular basis? What
> measures can we take to ensure that we are somehow alerted if our system
> gets compromised?
Maybe running tcpdump, and then "read" the capture to see anything
that should not be there.
"Linux IS user friendly... It's just selective about who its friends are."