On Fri, Oct 05, 2007 at 09:49:37PM +0530, Raj Kiran Grandhi wrote: > > There is an article on slashdot, > http://it.slashdot.org/article.pl?sid=07/10/05/1234217&from=rss which > says that most of the phishing sites are being run from rootkitted linux > boxes. I dunno how accurate their analysis is (the results were not > released), however I wonder if there is any way to establish whether a > given machine is compromised or not. > > Are there any tools available that one can run on a regular basis? What > measures can we take to ensure that we are somehow alerted if our system > gets compromised?
There are some packages in Debian that can help. However, remember that they have to be run from a know good box. A rooted box won't tell you that its been rooted. If the article is correct, I wonder what's up with Linux that its being rooted. Doug. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
