Steve Juranich <[EMAIL PROTECTED]> wrote on 28/09/2000 (00:57) :
> Well, I wasn't paying a whole lot of attention and I had every unnecessary
> port closed... or so I thought. I was still running the portmapper. So
> when I ssh'd home today and nmapped myself, a couple of mysterious processes
> p
Ethan Benson <[EMAIL PROTECTED]> writes:
> > have a similar functionality? I couldn't find mention of it in the man page.
>
> debsums but like rpm -V it's worthless for security. only useful for
> finding corruption due to disk crashes and whatnot.
But this is so easy to fix.
Consider...
% a
On Wed, Sep 27, 2000 at 07:49:00PM -0700, Steve Juranich wrote:
>
> Please remember that you're speaking to a recent convert from Mandrake.
> There, all I would have to do would be 'rpm -V `which top`' and rpm would
> tell me if the md5sum had been changed from the original package. Does dpkg
wh
On Wed, Sep 27, 2000 at 07:49:00PM -0700, Steve Juranich wrote:
> Please remember that you're speaking to a recent convert from Mandrake.
> There, all I would have to do would be 'rpm -V `which top`' and rpm would
Yeah, and you can type rpm -Va and have it tell you all about most of your
pack
A long time ago, in a galaxy far, far away, someone said...
> On Wed, 27 Sep 2000, Alvin Oga wrote:
>
> > check the binaries tooo...
> > top, ps, ls, last, w, who, netstat, passwd, login, etc...
> >
>
> Please remember that you're speaking to a
Try using aide--it checks your filesystem (checksums, inodes, timestamps, lots more)
to make sure that nothing's been tampered, and mails you a daily report.
http://www.debian.org/Packages/unstable/admin/aide.html. It's good stuff, especially
on machines that are just sitting around with minimal
On 28 Sep 2000, Olaf Meeuwissen wrote:
> bash$ man debsums
> bash$ dpkg --search `which top`
> procps: /usr/bin/top
> bash$ debsums -s procps
>
> Any output could be a problem. Of course this assumes that the listed
> md5sums have not been tampered with. They are in /var/lib/dpkg/info.
>
Okay
Steve Juranich <[EMAIL PROTECTED]> writes:
> On Wed, 27 Sep 2000, Alvin Oga wrote:
>
> > check the binaries tooo...
> > top, ps, ls, last, w, who, netstat, passwd, login, etc...
> >
>
> Please remember that you're speaking to a recent convert from Mandrake.
> There, all I would have to do w
On Wed, 27 Sep 2000, Alvin Oga wrote:
> check the binaries tooo...
> top, ps, ls, last, w, who, netstat, passwd, login, etc...
>
Please remember that you're speaking to a recent convert from Mandrake.
There, all I would have to do would be 'rpm -V `which top`' and rpm would
tell me if the
hi ya...
or maybe a httpd running as nobody ???
but most likely just news...from his prior comments
c ya
alvin
On Wed, 27 Sep 2000, Joey Hess wrote:
> Phil Brutsche wrote:
> > * Try to find a way to track who is connecting to your computer at 7:35 in
> > the morning with a packet sniffer - e
hi ya william
yes true that grepping is kinda silly but i just want to see if
anybody even tried...am gambling that most try but fail to get in...
( assuming too that they did not modify the log files and binaries etc
( to hide themself
i need to add *grep and lsof to that list to get a
On Wed, 27 Sep 2000, Alvin Oga wrote:
> egrep -i "failed|failure|refused|not allowed|illegal port|blocked|denied|passwd" \
>     /var/log/messages*
There is not much to gain by this. If the information is found in your
logfile, they didn't get in :}
> check the binaries tooo...
> top, ps,
Phil Brutsche wrote:
> * Try to find a way to track who is connecting to your computer at 7:35 in
> the morning with a packet sniffer - either with another computer on the
> same hub or on your computer with a tcpdump binary you prepared
> yourself.
I suspect it's much ado about nothing. I'l
A long time ago, in a galaxy far, far away, someone said...
> Use "lsof -i | grep " to find out exactly what binary is running
> on that port. Then you can find out where it's at. Are there any
> other hidden utils, etc? I'd also do a "netstat -an"
hi ya steve
do the lsof and netstat thing
and am curious
try:
egrep -i "failed|failure|refused|not allowed|illegal port|blocked|denied|passwd" \
    /var/log/messages*
try: last, w, who, tooo
check the binaries tooo...
top, ps, ls, last, w, who, netstat, passwd, login, etc...
have
Use "lsof -i | grep " to find out exactly what binary is running
on that port. Then you can find out where it's at. Are there any
other hidden utils, etc? I'd also do a "netstat -an" and see what is
connected to your mystery port. Find out where your attacker is coming
from.
Robert
Thus spa
Well, I wasn't paying a whole lot of attention and I had every unnecessary
port closed... or so I thought. I was still running the portmapper. So
when I ssh'd home today and nmapped myself, a couple of mysterious processes
popped up.
To begin with: I nmapped my box and saw, much to my dismay:
P