On Sunday, 21 October 2007 01:38, John Summerfield wrote:

> I've seen one that didn't do what the installer intended (it tried to
> email its IP address to someone, but assumed eth0 was the interface to
> the world. it was, but had a private IP address on it.
>
> It also installed binaries that caused the system to crash, and that
> alerted me (and ensured that even if the intruder found it, he'd not be
> able to use it).

Even when I run chkrootkit I don't feel safe, because if your system has been owned, are you sure you can trust the results the anti-rootkit is reporting to you?

From my point of view, if you got a rootkit the best thing you can do is, firstly, figure out how you got hacked and then just re-install the system; otherwise, the system is not going to be truly reliable anymore.

Sometimes it's also a good idea to have the "strings" command in mind when you think you have been hacked: strings ls, strings reboot and strings some other important commands is usually a good start (bearing in mind that strings could have been replaced, hence we're in the same loop again) :-)

> On another system, a kit penetrated a user account (the boss's wife's),
> couldn't crack the kernel, though it had tools to test known sploits,
> installed an IRC bot and proceeded to scan the Internet for vulnerable
> systems.

It reminds me of when I was working with some AIX and we got a visitor who uploaded linux exploits and tried to run them forever. I'd pay to see his face saying something like... "why these damn exploits are not running in this system, they run perfectly on my linux box..."

All the best
Manuel.

--
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not be used for urgent or sensitive issues.
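The point raised above, that on an owned host you cannot trust ls, strings or the anti-rootkit tool itself, is usually handled by comparing critical binaries against a hash baseline recorded while the system was still trusted. The script below is an added example, not code from the thread: it records and verifies SHA-256 hashes of a list of binaries (the `create_baseline` / `verify_baseline` names and the file paths are assumptions), and is meant to be run with `sha256sum` from a known-good medium, with the baseline stored off the host.

```shell
#!/bin/sh
# Added example (not from the original thread): hash-baseline check for
# critical binaries. Assumes sha256sum is available. Because a rootkit may
# replace sha256sum, ls or strings themselves, run this from a trusted
# read-only medium (live CD / USB) and keep the baseline file off the host.

# create_baseline OUTFILE FILE... : record "hash  path" for each existing file
create_baseline() {
    out="$1"; shift
    : > "$out"
    for f in "$@"; do
        [ -f "$f" ] || continue
        sha256sum "$f" >> "$out"
    done
}

# verify_baseline BASELINE : print a status per file; return 0 only if every
# file still exists and still matches its recorded hash, 1 otherwise
verify_baseline() {
    status=0
    while read -r expected path; do
        if [ ! -f "$path" ]; then
            echo "MISSING  $path"; status=1; continue
        fi
        actual=$(sha256sum "$path" | cut -d' ' -f1)
        if [ "$actual" != "$expected" ]; then
            echo "CHANGED  $path"; status=1
        else
            echo "ok       $path"
        fi
    done < "$1"
    return $status
}

# Usage (example paths):
#   ./baseline.sh create /mnt/usb/baseline.sha256 /bin/ls /sbin/reboot /usr/bin/strings
#   ./baseline.sh verify /mnt/usb/baseline.sha256
case "${1:-}" in
    create) shift; create_baseline "$@" ;;
    verify) verify_baseline "$2" ;;
esac
```

A non-zero exit from `verify_baseline` tells you which binaries to look at first; as the thread says, the reliable fix afterwards is still to find the entry point and reinstall.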