[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [cobalt-users] LKM Trojans

Subject: Re: [cobalt-users] LKM Trojans
From: "Filiberto Ricci" <filiberto@xxxxxxxxx>
Date: Tue Mar 6 07:23:30 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> After a reboot the hidden processes are still there but the number of them
> doesnt seem related to the number of logins (maybe ruling out a Login
> Trojan).
>
> Does anyone know of any legitimate reason that there may be 1 or 2 hidden
> processes. I run Portsentry etc but they arent hidden!
>
> Another factor is that I installed OS4 update last week (hence my tripwire
> logs were like waaay out!).
>
> Dave Etheridge


If you do a
./chkrootkit -x
(I'm not sure check rootkit docs)
you will know the pid of what is hidden.
Then if top is not corrupted you can know what is running.

Filiberto

References:
- RE: [cobalt-users] LKM Trojans
  - From: David Etheridge

Prev by Date: Re: [cobalt-users] SSH or OpenSSH
Next by Date: Re: [cobalt-users] Cobalt OS Version?
Previous by thread: RE: [cobalt-users] LKM Trojans
Next by thread: RE: [cobalt-users] LKM Trojans

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index