On Tuesday 23 April 2002 07:31 am, Rory Campbell-Lange wrote: > There is a very small possibility that someone has intruded into our > network. I would like to test my 3 woody machines for possible root > kits. What is the best way of doing this? Should I check the md5sum of > programs such as find, ps and ifconfig against the packaged versions? > > Also, is there any way of checking for a kernel module type root kit? >
i understand that you probably want to keep info about the potential compromise to yourself, right now, but a consequence of your reticence in offering detail is that you haven't given us a lot to work with. can you share with us the reason for your suspicion? how the possible compromise was achieved is always a big clue towards appropriate defense. ben -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
