Re: Mysterious udp packets

From: Don Felgar (
Date: 08/17/01

Date: Fri, 17 Aug 2001 09:17:10 -0700
To: Lee Smith <>
Subject: Re: Mysterious udp packets
Message-ID: <>
From: Don Felgar <>

On Fri, Aug 17, 2001, Lee Smith wrote:

> You may want to find a (near) identical machine and snag a netstat
> and lsof binary off of them, or at least check the md5sums of yours
> to some known safe ones. most rootkits i've seen are going to
> replace at least netstat and ps.

None of the binaries I copied over from other machines behave any
differently, including ps, netstat, and lsof.

Incidentally I forgot to mention that top seems to indicate that the
myserty process is not one that comes to life each second.