On Sun, Apr 13, 2008 at 02:41:55PM +0100, Robin wrote:
> unhide proc :- Which gives intermittent hidden processes
> unhide sys :-
> [*]Searching for Hidden processes through getsid() scanning
> Found HIDDEN PID: 16356
> [*]Searching for Hidden processes through sched_getscheduler() scanning
> Found HIDDEN PID: 17408
> unhide brute :-
> [*]Starting scanning using brute force against PIDS
> Found HIDDEN PID: 2216
> Found HIDDEN PID: 2503

You could also try

    netstat -anp | less
    unhide-tcp

If someone hacked the box, probably a net process was used to enter and new net processes are spawned.

Moreover:

    apt-cache search forensic

    Linkname: Securing Debian Manual
    URL: http://www.debian.org/doc/user-manuals#securing

might give further ideas

-- 
Whoever uses non-free software poisons you too. Tell them to stop.
Computing=arsenic: minimal doses in rare pathological cases, otherwise lethal.
Computing=bomb: intelligent only for the fools who believe in it.
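
An added example, not part of the original message and not unhide's own code: a cross-check in the style of the getsid() scan quoted above, which compares what the syscall reports with what /proc shows and keeps only mismatches that persist. It assumes that a one-off hit can come from a process exiting between the two probes; the function names and the recheck parameters are hypothetical.

```python
import os
import time

def syscall_alive(pid):
    """True if the kernel answers getsid() for this PID."""
    try:
        os.getsid(pid)
        return True
    except ProcessLookupError:      # ESRCH: no such process
        return False
    except PermissionError:         # EPERM: it exists, we may not query it
        return True

def proc_visible(pid):
    """True if /proc/<pid> exists. A direct lookup also succeeds for thread
    IDs, which a plain directory listing of /proc would not show."""
    return os.path.exists(f"/proc/{pid}")

def hidden_candidates(pids, alive=syscall_alive, visible=proc_visible,
                      rechecks=3, delay=0.2):
    """Return PIDs that answer the syscall but stay absent from /proc.

    A process that exits between the two probes gives a one-off mismatch,
    so a PID is only kept if the mismatch persists across every recheck.
    """
    suspects = [p for p in pids if alive(p) and not visible(p)]
    for _ in range(rechecks):
        if not suspects:
            break
        time.sleep(delay)
        suspects = [p for p in suspects if alive(p) and not visible(p)]
    return suspects

def pid_max(default=32768):
    """Upper bound of the PID space, falling back to the classic default."""
    try:
        with open("/proc/sys/kernel/pid_max") as f:
            return int(f.read())
    except (OSError, ValueError):
        return default

if __name__ == "__main__":
    # Run as root so /proc access restrictions do not cause false mismatches.
    for pid in hidden_candidates(range(1, pid_max() + 1)):
        print("persistent mismatch, inspect further: PID", pid)
```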