its okay to me.i didn't followed so close your emails and replies, your system was compromised,or you just suspect that? is that a permanent online box? can you unplugged it and look closely into it? chkrootkit is pretty gewd,but personally i trust only me. *grin* take care, Dani.
-----Mesaj original----- De la: Tarjei Huse [mailto:[EMAIL PROTECTED]] Trimis: Monday, December 03, 2001 1:01 PM Catre: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subiect: Re: Răspuns: finding hidden processes Thanks, I got: dev_to_tty tdev /dev/pts/%s /dev/%s /dev/tty%s /dev/pty%s /dev/%snsole Obsolete W option not supported. (You have a /dev/drum?) Any comments? Does this look ok? Tarjei Petre Daniel wrote: > > -----Mesaj original----- > De la: Tarjei Huse [mailto:[EMAIL PROTECTED]] > Trimis: Monday, December 03, 2001 9:15 AM > Catre: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subiect: finding hidden processes > > Hi If I run chkproc from the chkrootid package I get: > You have 3 process hidden for readdir command > You have 3 process hidden for ps command > > How can I find these processes? > Tarjei > > try "strings /bin/ps | grep dev" and if ps is corrupted you will see the > location > of the configuration files for the rootkit.go there and look into them.good > luck. > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact > [EMAIL PROTECTED] > > _________________________________________________________ > Do You Yahoo!? > Get your free @yahoo.com address at http://mail.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
