great tool ... never knew it existed until this post. At Wednesday, 3 December 2003, "Karsten M. Self" <[EMAIL PROTECTED] com> wrote:
>on Wed, Dec 03, 2003 at 01:03:34AM -0800, Vanh Phom ([EMAIL PROTECTED] net) wrote: >> Hi folk, >> After reading on report of servers compromised. Just for curiorsity I >> run chkrootkit on my own machine and come up with this result: >> >> Searching for anomalies in shell history files... nothing found >> Checking `asp'... not infected >> Checking `bindshell'... not infected >> Checking `lkm'... You have 12 process hidden for readdir command >> You have 12 process hidden for ps command >> Warning: Possible LKM Trojan installed >> Checking `rexedcs'... not found >> Checking `sniffer'... >> eth0: PROMISC >> >> Is my machine compromised? How to fix this? > >12 hidden processes is more than I've typically seen (4). > > # chkrootkit -v lkm > >...for more verbose diagnostics. > >Peace. > >-- >Karsten M. Self <[EMAIL PROTECTED]> http://kmself.home. netcom.com/ > What Part of "Gestalt" don't you understand? > Integrity, we've heard of it: http://www.theregister.co.uk/ > >Attached file >Save attachment >View attachment as text > Name: attachment.38 > Type: application/pgp-signature > > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
