Re: Have I been kitted?From: Hans-Joachim Picht (email@example.com)
- Previous message: Hans-Joachim Picht: "Re: Web filtering?"
- In reply to: Terry Browning: "Have I been kitted?"
- Next in thread: Willi Dyck: "Re: Have I been kitted?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 12 Jun 2002 13:35:53 +0200 From: Hans-Joachim Picht <firstname.lastname@example.org> To: email@example.com
On Sun, Jun 09, 2002 at 12:19:57PM +0100, Terry Browning wrote:
> Is that a good sign? Has nmap been fooled by an LKM? Have I wasted time
> chasing my tail?
> What is the best strategy for dealing with an LKM kit? Reinstall linux
> from CD or try to remove it?
Check the md5 checksum for you netstat and ps binaries and run netstat
-anp to see which programm opened the ports on your system.
Withb est regards
-- Work: Consultant with Linux Consulting Europe <firstname.lastname@example.org> http://www.lnxce.net Vogelhecke 2 D - 35447 Reiskirchen Tel: +491751629201 Fax: +49640862649 Germany Private: email@example.com