Re: Mysterious udp packets

From: Don Felgar (dfelgar@rainierinternet.com)
Date: 08/17/01


Date: Fri, 17 Aug 2001 09:17:10 -0700
To: Lee Smith <lee@booksys.com>
Subject: Re: Mysterious udp packets
Message-ID: <20010817091710.A23315@rainierinternet.com>
From: Don Felgar <dfelgar@rainierinternet.com>

On Fri, Aug 17, 2001, Lee Smith wrote:

> You may want to find a (near) identical machine and snag a netstat
> and lsof binary off of them, or at least check the md5sums of yours
> to some known safe ones. most rootkits i've seen are going to
> replace at least netstat and ps.

None of the binaries I copied over from other machines behave any
differently, including ps, netstat, and lsof.

Incidentally I forgot to mention that top seems to indicate that the
myserty process is not one that comes to life each second.