[ILUG] Bad EIP value due to compromise
Conor Wynne
weeboy at conorwynne.com
Tue Aug 24 15:42:28 IST 2004
> You might be jumping to conclusions. Try running "chkrootkit"
> www.chkrootkit.org
As I wrote that, I decided to install and run chkrootkit on my own
webserver. It resulted in:
Checking `lkm'... You have 4 process hidden for readdir command
You have 4 process hidden for ps command
Googling gives me others similarly confused. I am still running 2.6.4 on
this particular box, as it refused to boot into 2.6.6 rpm upgraded
kernel via apt. Dunno why.
Now downgrading to kernel#2.4.22-1.2199.nptl and we shall see if she
boots or not.
Is this box really trojaned or what?
> >
> > What fun!
> >
> > Brendan
--
Conor Wynne
Dublin
Irlande
Key Fingerprint 1A95 E50F A15F 6601 A587 A9D8 4E55 1173 C2FE FAC2
Get my key here: http://www.conorwynne.com/gpg-key