On Sun, 17 Nov 2002 at 11:18:25PM -0500, Stephen Gran wrote: > netstat only shows the 2 outgoing connections - nothing coming in. I > kind of suspect this is a stale entry (especially with that TTL, which > is slowly counting down, unlike the two outgoing ones) from an ssh > session I had over the weekend, but I logged out cleanly (I thought). I > have heard of rootkits that hide their tracks from ps and such, but over > ssh? > > Anybody seen this kind of thing before? Should I be worried? I suppose > I should mention that chkrootkit came back clean, FWIW. Since you think it is left over from one of your logins look at the auth.log and see if that IP address appears in it with your user name logging in...
-- Phil PGP/GPG Key: http://www.zionlth.org/~plhofmei/ wget -O - http://www.zionlth.org/~plhofmei/key.txt | gpg --import -- Excuse #228: PCMCIA slave driver
pgpzgMlDfYulJ.pgp
Description: PGP signature
