Re: strange connection on port 111.. more question

From: Chad Miller (cmiller@surfsouth.com)
Date: 08/16/01


Date: Thu, 16 Aug 2001 14:44:34 -0400
From: Chad Miller <cmiller@surfsouth.com>
To: focus-linux@securityfocus.com, ymir2@shinbiro.com
Subject: Re: strange connection on port 111.. more question
Message-ID: <20010816144433.A11372@goloshes.eng.commerceengine.com>


>>> "xyros" <ymir2@shinbiro.com> 08/15/01 06:23PM >>>
> Do you have more ideas on ways to find any backdoor, rootkit, or any suspicious things?

You can _never_ find out if the box is cracked within the environment that
the cracker controls, i.e., the cracked machine. As others have suggested,
mount the cracked disk from within an environment you trust. In addition
to the other advice, I'd recommend mounting the device with the mount flags:
readonly, noexec, and nodev. These help to prevent you from harming yourself
during the inspection.

Good luck,
                                                        - chad
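
The mount advice in the message above, as an added example that is not part of the original post: a shell helper that mounts a suspect disk with ro, noexec and nodev from a trusted system, then confirms from the mount table that all three flags actually took effect. The function names and the device and mount point paths are hypothetical placeholders.

```shell
#!/bin/sh
# Added example. Run from a trusted environment (rescue media or another
# host), never from the suspect system itself.
# Hypothetical usage: mount_for_inspection /dev/sdb1 /mnt/suspect

# missing_inspection_opts OPTS
# OPTS is a comma-separated option string (4th field of /proc/mounts).
# Prints the required flags that are absent; returns 0 only if none are.
missing_inspection_opts() {
    opts=",$1,"
    missing=""
    for want in ro noexec nodev; do
        case "$opts" in
            *",$want,"*) ;;                  # exact option present
            *) missing="$missing $want" ;;   # e.g. "errors=remount-ro" is not "ro"
        esac
    done
    [ -z "$missing" ] && return 0
    echo "${missing# }"
    return 1
}

# opts_for_mountpoint MOUNTPOINT [TABLE]
# Prints the options of the last entry for MOUNTPOINT in TABLE
# (default /proc/mounts); the last entry is the mount currently on top.
opts_for_mountpoint() {
    awk -v mp="$1" '$2 == mp { o = $4 }
                    END { if (o == "") exit 1; print o }' "${2:-/proc/mounts}"
}

# mount_for_inspection DEVICE MOUNTPOINT   (needs root)
# Mounts with the three flags, then verifies them; unmounts on any mismatch.
mount_for_inspection() {
    mount -o ro,noexec,nodev "$1" "$2" || return 1
    live=$(opts_for_mountpoint "$2") || return 1
    if ! gone=$(missing_inspection_opts "$live"); then
        echo "flags not in effect on $2: $gone; unmounting" >&2
        umount "$2"
        return 1
    fi
}
```

On journaling filesystems such as ext3/ext4, a read-only mount can still replay the journal and write to the disk unless `noload` is also given, so working on a copy of the disk is safer.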