Re: Have I been kitted?
From: Hans-Joachim Picht (hans@picht.org)Date: 06/12/02
- Previous message: Hans-Joachim Picht: "Re: Web filtering?"
- In reply to: Terry Browning: "Have I been kitted?"
- Next in thread: Willi Dyck: "Re: Have I been kitted?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 12 Jun 2002 13:35:53 +0200 From: Hans-Joachim Picht <hans@picht.org> To: focus-linux@securityfocus.com
On Sun, Jun 09, 2002 at 12:19:57PM +0100, Terry Browning wrote:
> Is that a good sign? Has nmap been fooled by an LKM? Have I wasted time
> chasing my tail?
>
> What is the best strategy for dealing with an LKM kit? Reinstall linux
> from CD or try to remove it?
Check the md5 checksum for you netstat and ps binaries and run netstat
-anp to see which programm opened the ports on your system.
Withb est regards
Hans
-- Work: Consultant with Linux Consulting Europe <hjp@lnxce.net> http://www.lnxce.net Vogelhecke 2 D - 35447 Reiskirchen Tel: +491751629201 Fax: +49640862649 Germany Private: hans@picht.org
- Previous message: Hans-Joachim Picht: "Re: Web filtering?"
- In reply to: Terry Browning: "Have I been kitted?"
- Next in thread: Willi Dyck: "Re: Have I been kitted?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
