RE: [cobalt-users] Hacked Cobalt Servers
- Subject: RE: [cobalt-users] Hacked Cobalt Servers
- From: "Chuck Lewis" <clewis@xxxxxxxxxx>
- Date: Fri Apr 18 06:09:01 2003
- List-id: Mailing list for users to share thoughts on Sun Cobalt products. <cobalt-users.list.cobalt.com>
Tom,
Thanks for the reply. So are you saying that it is OK to have the LKM on and
not worry about it? I'm confused - sorry :-)
I'm running it now and will run it a couple more times.
Thanks,
Chuck
-----Original Message-----
From: Tom Cameron
Sent: Thursday, April 17, 2003 5:29 PM
>LKM is a trojan that modifies your 'ps' command and attempts to hide
>processes. This check simply adds up the processes in the 'ps' command and
>compares that with the real processes.
>Unfortunately the two checks are run seconds apart and sometimes the
>difference in the number of processes is not actually an indication of the
>trojan but just a consequence of new processes starting up on your machine
>between the checks.
>Run the check again several times to be certain that it is a constant
>problem. On my RaQ I get this warning about once every few months and it
>always turns out to be a false alarm.
>Tom
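
Added example (not part of the original messages and not the checking tool's own code): a simplified Python version of the comparison described above, checking the PIDs that `ps` reports against the numeric entries in `/proc` and repeating the check so that only a PID missing from `ps` in every round is reported. It assumes a Linux `/proc` and a `ps` that accepts `-e -o pid=`; the function names and the sample snapshots are constructed for illustration.

```python
import os
import subprocess
import time

def ps_pids():
    """PIDs as reported by the ps binary (the view a trojaned ps can filter)."""
    out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                         text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def proc_pids():
    """PIDs read straight from the numeric entries in /proc, bypassing ps."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}

def hidden_once(ps_before, proc_view, ps_after):
    """One round: PIDs in /proc that ps showed neither before nor after."""
    return proc_view - ps_before - ps_after

def persistent_hidden(rounds):
    """Keep only PIDs flagged in every round; start-up races drop out."""
    flagged = [hidden_once(*r) for r in rounds]
    return set.intersection(*flagged) if flagged else set()

def sample(rounds=5, delay=2.0):
    """Collect live (ps, /proc, ps) snapshots, `delay` seconds apart."""
    snaps = []
    for i in range(rounds):
        snaps.append((ps_pids(), proc_pids(), ps_pids()))
        if i < rounds - 1:
            time.sleep(delay)
    return snaps

# Constructed snapshots (not real output): 4242 is never listed by ps,
# 5001 is a short-lived process, 5002 starts during round 2 and stays.
CONSTRUCTED_ROUNDS = [
    ({1, 80, 200}, {1, 80, 200, 4242, 5001}, {1, 80, 200}),
    ({1, 80, 200}, {1, 80, 200, 4242, 5002}, {1, 80, 200, 5002}),
    ({1, 80, 200, 5002}, {1, 80, 200, 4242, 5002}, {1, 80, 200, 5002}),
]

if __name__ == "__main__":
    print("constructed data:", sorted(persistent_hidden(CONSTRUCTED_ROUNDS)))
    if os.path.isdir("/proc/1"):  # live run only where Linux procfs exists
        print("live:", sorted(persistent_hidden(sample())))
```

In the constructed data a single round flags the short-lived PID 5001 as well, which is the false alarm described above; only 4242 survives all three rounds.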