[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] CHkrootkit output
- Subject: RE: [cobalt-users] CHkrootkit output
- From: "Phil Beynon" <phil@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Sun Apr 18 09:48:02 2004
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
> > thx LOL
> > ----- Original Message -----
> > From: "William J.A. Brillinger" <billy@xxxxxxxxxx>
> > To: <cobalt-users@xxxxxxxxxxxxxxx>
> > Sent: Sunday, April 18, 2004 1:55 PM
> > Subject: Re: [cobalt-users] CHkrootkit output
> >
> >
> > > At 01:45 PM 18/04/2004 +0200, you wrote:
> > > >Today i noticed this in my report from chkrootkit.
> > > >
> > > >Checking `sniffer'... /proc/5/fd: Permission denied
> > > >
> > > >This wasnt there in the older version i was using.... can
> someone shed
> > tom
> > > >lit on it....
> > >
> > > OH! Me, I know this one! Let me answer it!
> > >
> > > Your RAQ doesn't have a floppy - so no permission to read the
> floppy ;)
> > >
> > > - Bill B.
> > >
> > >
> > >
> > > ---------------------------------
> > > William J.A. Brillinger
> > > Precision Design Co.
>
> I believe that machine has been hacked. Is cron doing weird stuff? Other
> processes like devine?
>
> David Hahn
> PageKeeper Service
> 1512 Deborah Road #102
> Rio Rancho, New Mexico 87124 US
> 505-892-8723
> http://www.pagekeeperservice.com
The fd bit in the path means floppy drive - no drive means no permissions!
:-)
NO evidence whatsoever that a hack has occured has been presented!
Phil
** http://www.diygear.com THE Online DIY Toolstore For DIY & Business
** Infolink Electronic Systems Ltd. http://www.infolinkelectronics.co.uk
** Professional Web Design & Cobalt Hosting Solutions
** Sun Cobalt iForce Reseller - Canon Silver Reseller
** Contact: Sales@xxxxxxxxxxxxxxxxxxxxxxxxx
** Tel / Fax 0121 458 4894 (office) 0121 441 3558 (home)