Re: strange connection on port 111.. more question

From: xyros (ymir2@shinbiro.com)
Date: 08/16/01


Message-ID: <006c01c125e1$39ed3200$c802a8c0@goinfosec.co.kr>
From: "xyros" <ymir2@shinbiro.com>
To: <focus-linux@securityfocus.com>
Subject: Re: strange connection on port 111.. more question
Date: Thu, 16 Aug 2001 08:23:00 +0900

thx for kind replies.. it's helpful for me :)

i know system reconstruction is the best way.. but that's not allowed to me yet *sniff*

I'm trying to find proof of the hacking..

I attempted to find a rootkit or backdoor using chkrootkit, kstat, and manual work...

but can't find any suspicious files or processes..

Comparing system files (ls, ps, netstat, ifconfig, find, etc.) with a clean system is in vain.

even the md5sum is the same..

do u have more ideas for ways to find any backdoor, rootkit, or any suspicious things?


thx in advance..

- Xyros