Re: Have I been kitted?

From: Lim Ghee Lam (gllim@ewarna.com)
Date: 06/12/02


From: "Lim Ghee Lam" <gllim@ewarna.com>
To: "Terry Browning" <terry@nihil.demon.co.uk>
Date: Wed, 12 Jun 2002 12:02:38 +0800

Hi Terry,

Sometimes chkrootkit will report that ... even on a freshly
installed system. It may be that the process was hidden during the
check. But when I tried again, the check didn't find any hidden process.
I think it depends on whether you can bring down the machine, in which case
a complete reinstall, making sure the vulnerability has been taken care of,
is an option; or, if it's a 24X7 server, read what chkrootkit has actually
found. It's useful to determine which files changed: binaries, configs.
Also try with rpm to determine this, and if you have configured tripwire
and the like, it's a good idea to verify against the system.

Regards
LIM GHEE LAM

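An added example, not part of the original message: a triage of `rpm -Va` output that separates changed or missing binaries from edited config files, following the reply's suggestion to check with rpm. The sample lines, the directory list and the severity labels are constructed assumptions.

```python
import re
import sys

# Verify line: 8-9 test flags (or "missing"), optional file-type marker
# (c=config, d=doc, g=ghost, l=license, r=readme), then the path.
LINE_RE = re.compile(
    r"^(?P<flags>missing|[SM5DLUGTP.?]{8,9})\s+(?:(?P<kind>[cdglr])\s+)?(?P<path>/.*)$"
)
# Assumption: directories where a changed file deserves a look first.
EXEC_DIRS = ("/bin/", "/sbin/", "/usr/bin/", "/usr/sbin/", "/lib/", "/usr/lib/")
ORDER = {"high": 0, "review": 1, "low": 2}

def classify(line):
    """Return (severity, path, reason) for one verify line, or None if unparsable."""
    m = LINE_RE.match(line.rstrip())
    if m is None:
        return None
    flags, kind, path = m.group("flags", "kind", "path")
    in_exec_dir = path.startswith(EXEC_DIRS)
    if flags == "missing":
        return ("high" if in_exec_dir else "review", path, "file missing")
    if "5" in flags:  # content digest no longer matches the package database
        if kind == "c":
            return ("review", path, "config content changed")
        return ("high" if in_exec_dir else "review", path, "content digest differs")
    if set(flags) & set("MUG"):  # mode, user or group changed
        return ("review", path, "mode or ownership changed")
    return ("low", path, "other attribute changed")

def triage(lines):
    """Classify every parsable line and sort with the most urgent first."""
    results = [r for r in map(classify, lines) if r is not None]
    return sorted(results, key=lambda r: (ORDER[r[0]], r[1]))

# Constructed sample in the format printed by `rpm -Va`.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /bin/ps
.M.......    /usr/bin/passwd
.......T.  d /usr/share/doc/foo/README
missing      /sbin/ifconfig
"""

if __name__ == "__main__":
    # Pipe real output in (rpm -Va | python3 this_file.py) or run bare for the sample.
    lines = sys.stdin if not sys.stdin.isatty() else SAMPLE.splitlines()
    for sev, path, reason in triage(lines):
        print(f"{sev:6} {path}  ({reason})")
```

The result is only as trustworthy as the rpm binary and package database it reads, so on a suspect host run the verification from known-good media where possible.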