Seriously, I second the recommendation to disconnect the network connection.
That should take care of any current connections, however you'll still need
to be aware of any current running processes or system changes.  It's
possible for someone to drop something that could just sit and gather
information offline and send it up when it detects a live network
connection.   

-----Original Message-----
From: plug-discuss-bounces@lists.plug.phoenix.az.us
[mailto:plug-discuss-bounces@lists.plug.phoenix.az.us] On Behalf Of Craig
White
Sent: Friday, February 17, 2006 7:00 PM
To: Main PLUG discussion list
Subject: Re: how to tell whe you have a hacker?

On Fri, 2006-02-17 at 17:48 -0800, Jeremy C. Reed wrote:
> On Fri, 17 Feb 2006, Technomage wrote:
> 
> > if you are using an rpm based distribution, you can do a special 
> > query of all the installed packages to see which ones have been changed.
> 
> Also with Debian packages too. Each package has a *.md5sums file under 
> /var/lib/dpkg/info. It can be used like:
> 
>  cd /
>  for m in /var/lib/dpkg/info/*md5sums ; do md5sum -c $m ; done
> 
> This will have some false positives. And it is not as powerful or 
> useful as the rpm queries though.
> 
> I suggest unplugging your network connection.
----
I've been wishing the same but for different reasons

;-)

Craig

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss