RE: [cobalt-users] LKM Trojans
- Subject: RE: [cobalt-users] LKM Trojans
- From: David Etheridge <DavidE@xxxxxxxxxxxx>
- Date: Tue Mar 6 07:51:20 2001
- List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>
I've just done an upgrade on SSH and closed telnet access and rerun
chkrootkit (from a fresh copy in case it had been 'altered') and now there
are no hidden processes? Coincidence, luck or has the problem gone away?
Dave Etheridge
-----Original Message-----
From: Filiberto Ricci [mailto:filiberto@xxxxxxxxx]
Sent: 06 March 2001 15:03
To: cobalt-users@xxxxxxxxxxxxxxx
Subject: Re: [cobalt-users] LKM Trojans
> After a reboot the hidden processes are still there but the number of them
> doesn't seem related to the number of logins (maybe ruling out a Login
> Trojan).
>
> Does anyone know of any legitimate reason that there may be 1 or 2 hidden
> processes? I run Portsentry etc. but they aren't hidden!
>
> Another factor is that I installed OS4 update last week (hence my tripwire
> logs were like waaay out!).
>
> Dave Etheridge
If you do a
./chkrootkit -x
(I'm not sure, check rootkit docs)
you will know the pid of what is hidden.
Then if top is not corrupted you can know what is running.
Filiberto
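
An added example, not part of the original thread and not chkrootkit's own code: a cross-view check of the kind hidden-process detection rests on, comparing what `ps` and a `/proc` listing show against the PIDs that answer a direct kernel probe. The function names, the signal-0 probe and the sample PIDs are assumptions made for illustration.

```python
import os
import subprocess

def parse_ps(ps_output):
    """IDs from `ps -eL -o lwp=` output: one numeric ID per line."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}

def parse_proc_listing(entries):
    """IDs from a /proc directory listing: keep only the numeric names."""
    return {int(name) for name in entries if name.isdigit()}

def pid_exists(pid):
    """Ask the kernel directly; signal 0 checks existence and sends nothing."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        pass  # exists, but belongs to another user
    return True

def find_hidden(views, probe, max_pid):
    """Return {pid: [views lacking it]} for every PID that answers the probe."""
    hidden = {}
    for pid in range(1, max_pid + 1):
        missing = sorted(name for name, pids in views.items() if pid not in pids)
        if missing and probe(pid):
            hidden[pid] = missing
    return hidden

def snapshot():
    """Both userland views on a live Linux host, thread IDs included."""
    ps = subprocess.run(["ps", "-eL", "-o", "lwp="],
                        capture_output=True, text=True).stdout
    proc = parse_proc_listing(os.listdir("/proc"))
    for pid in list(proc):
        try:  # threads are listed under task/, not at the top level of /proc
            proc |= parse_proc_listing(os.listdir(f"/proc/{pid}/task"))
        except OSError:
            pass  # process exited while we were reading
    return {"ps": parse_ps(ps), "/proc": proc}

if __name__ == "__main__":
    # Constructed sample: PID 1203 is in /proc but not in ps; 1310 is in neither.
    views = {"ps": parse_ps("1\n412\n977\n"),
             "/proc": parse_proc_listing(["1", "412", "977", "1203", "self"])}
    print(find_hidden(views, lambda p: p in {1, 412, 977, 1203, 1310}, 2000))
    # Live host: find_hidden(snapshot(), pid_exists, 32768), then run it again
    # and keep only PIDs flagged both times, since short-lived processes race.
```

Run the live variant with binaries from trusted media, since a replaced `ps` is one of the views being tested.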