how to tell when you have a hacker?
Jeremy C. Reed
reed at reedmedia.net
Fri Feb 17 21:45:14 MST 2006
On Fri, 17 Feb 2006, Mike wrote:
> Well, it seems it is all okay (not that I would know). I suppose I should run
> chkrootkit daily and see if anything new shows up.
I don't think it is okay.
> > Checking 'lkm' ... You have 4 process hidden for ps command
> > Warning: Possible LKM Trojan installed
> >
> > Is this bad?
Yes.
I would track that down more. Install tcpdump and then run it to see your
network traffic. But then again, that may not help if something hides its
tracks there too.
Disconnect the box from the internet. Reboot with a live CD and use it to
research your problem more. (Using the md5sum example I showed in other
email as one thing to do.)
Jeremy C. Reed
Media Relations and Publishing Services
http://www.reedmedia.net/
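
Added example (not part of the original email, and not the md5sum example the author refers to): one way to run the live-CD check described above, comparing files on the suspect disk against known-good md5sum output. The mount point, the manifest format and the function names verify_against_manifest and demo are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not from the original email. Assumptions: the live CD has
# mounted the suspect disk read-only (for example at /mnt/suspect), and
# MANIFEST is known-good `md5sum` output ("<hash>  <absolute path>") taken
# from trusted media such as the install CD or an identical clean system.

# verify_against_manifest ROOT MANIFEST
# Prints one line per problem; returns 0 if all files match, 1 otherwise.
verify_against_manifest() {
    root=$1 manifest=$2 bad=0
    while read -r want path; do
        path=${path#\*}                 # md5sum marks binary mode with '*'
        [ -n "$path" ] || continue      # skip blank lines
        target=$root$path
        if [ ! -f "$target" ]; then
            echo "MISSING  $path"; bad=1; continue
        fi
        # Hash with the live CD's md5sum, never a binary from the suspect disk.
        got=$(md5sum < "$target" | cut -d' ' -f1)
        if [ "$got" != "$want" ]; then
            echo "MODIFIED $path"; bad=1
        fi
    done < "$manifest"
    return "$bad"
}

# demo: constructed sample tree standing in for the mounted suspect disk.
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/root/bin"
    echo "clean ps" > "$tmp/root/bin/ps"
    echo "clean ls" > "$tmp/root/bin/ls"
    # Known-good manifest, recorded before any tampering.
    (cd "$tmp/root" && md5sum bin/ps bin/ls | sed 's#  bin/#  /bin/#') > "$tmp/manifest"
    echo "trojaned ps" > "$tmp/root/bin/ps"   # simulate a replaced binary
    rm "$tmp/root/bin/ls"                     # and a removed one
    verify_against_manifest "$tmp/root" "$tmp/manifest"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}
```

Running demo prints one MODIFIED line and one MISSING line; against a real disk, call verify_against_manifest with the mount point and the manifest file.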