on Wed, Dec 03, 2003 at 01:03:34AM -0800, Vanh Phom ([EMAIL PROTECTED]) wrote:
> Hi folk,
> After reading on report of servers compromised. Just for curiosity I
> run chkrootkit on my own machine and come up with this result:
>
> Searching for anomalies in shell history files... nothing found
> Checking `asp'... not infected
> Checking `bindshell'... not infected
> Checking `lkm'... You have 12 process hidden for readdir command
> You have 12 process hidden for ps command
> Warning: Possible LKM Trojan installed
> Checking `rexedcs'... not found
> Checking `sniffer'...
> eth0: PROMISC
>
> Is my machine compromised? How to fix this?

12 hidden processes is more than I've typically seen (4).

    # chkrootkit -v lkm

...for more verbose diagnostics.

Peace.

-- 
Karsten M. Self <[EMAIL PROTECTED]>
http://kmself.home.netcom.com/
What Part of "Gestalt" don't you understand?
Integrity, we've heard of it: http://www.theregister.co.uk/