Re: RootKits Question

From: Martin Ostlund (
Date: 08/01/01

Date: Wed, 1 Aug 2001 20:16:30 +0300 (EEST)
From: Martin Ostlund <>
To: Nick Lange <>
Subject: Re: RootKits Question
Message-ID: <>

On Wed, 1 Aug 2001, Nick Lange wrote:
> The machine was a redhat install but patched up from all relevant security
> advisories (or so I thought, the only one I can see is maybe xinetd)...

 Hi. One can never be secured enough:)
> anyone seen anything? a quick search for /sbin/a.out reveals nothing
> it may have been datapipe.c but I doubt that as well, as it's simply a port
> forwarder [for auth port]
> nick
 Have you tried strings /sbin/a.out ? strings will print out
all readable text from a binary, also check which date and time it was
created, and if something shows up in messages/syslog around that
date and time. Try to check for backdoors, netstat -atn | grep LIST