[ILUG] Possible system compromise
Niall Brady
bradyn at maths.tcd.ie
Wed Jan 23 12:19:09 GMT 2002
On Wed, 23 Jan 2002 12:05:52 GMT, Niall O Broin said:
>
<snippity>
>rootkit or other. It sounds a very strange to me for a rootkit to do i.e. to
Only thing I've seen around the gaff recently (came across a
compromised machine) was the adore rootkit... changes ps and a few
other things... haven't heard of any rootkit that touches network
script though...
Dunno, do the usual stuff... strings on swap (see if any weird
source code turns up), passwd files, dates of binaries etc. etc.
--
Niall
PS actually bothered my ass googling, and got
http://www.mycert.mimos.my/advisory/MA26.htm
More information about the ILUG
mailing list