[NCLUG] error message
Kennan Blehm
kmblehm at sigkill.com
Mon Aug 6 16:39:39 MDT 2001
> Looking at the weird permissions and the fact that the executable is
> an order of magnitude larger than yours or mine, my first suspicion
> would be that the machine has been compromised and that this is part
> of a root kit gone wrong. Programs like ps and top are often replaced
> with versions which lie about the state of the system to mask the
> presence of the cracker's daemon programs.
>
> I found this out first hand a couple of years ago when I ran netstat
> to find out what was making my DSL modem blink so much. Lo and behold
> my machine was diligently trying to crack other machines and
> reporting back to Israel via IRC. They had neglected to place a faked
> netstat on my machine so I could see the TCP connections; a little
> digging then turned up the rest of the damage.
I was thinking that that could be a possibility. There were a few other
things that seemed "quirky". I pretty much dismissed it though because I'm
just a Linux novice who connects to the internet via modem every night
from way out in the boonies.
I guess it can happen to anybody...:-)
Boy, am I glad there's a meeting tomorrow....
____________________________________________________________________
Kennan Blehm kmblehm at sigkill.com
"A chicken or a duck is a mistake when you do 'Swan Lake'." -F.G.
--------------------------------------------------------------------