I came across a few items on a machine here that was 9at one time) on its own 
IP address. The evidence as such was 2 tgz files located in root level /tmp 
and an executable file.

I also found in at least one of those two tgz files a complete rootkit (or the 
appearance of one) and have since backed up the system (using a rescue disk).

my question is: would anyone on here like to have a copy of these tools to 
pick arapt and see what they do?

I personally don't have the time to go into this myself, but I am sure there 
is a security expert hanging out on the list here that would be interested.

Technomage Hawke
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss