evidence of an LKM rootkit left behind on a machine

Author: Technomage
Date:  
To: plug-discuss
Subject: evidence of an LKM rootkit left behind on a machine
I came across a few items on a machine here that was (at one time) on its own
IP address. The evidence as such was 2 tgz files located in root level /tmp
and an executable file.

I also found in at least one of those two tgz files a complete rootkit (or the
appearance of one) and have since backed up the system (using a rescue disk).

My question is: would anyone on here like to have a copy of these tools to
pick apart and see what they do?

I personally don't have the time to go into this myself, but I am sure there
is a security expert hanging out on the list here that would be interested.

Technomage Hawke