Re: hidden processes
From: Birl (sbirl_at_temple.edu)
Date: 07/31/03
- Previous message: Brad Hill - Quonic: "RE: IP address allocation"
- In reply to: Vlady: "hidden processes"
- Next in thread: Johnson, Kevin: "RE: hidden processes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 31 Jul 2003 09:39:35 -0400 (EDT) To: security-basics@securityfocus.com
As it was written on Jul 30, thus Vlady spake unto security-basics@security...:
vlady: Date: Wed, 30 Jul 2003 17:28:22 -0400
vlady: From: Vlady <vlady@cyber2000.ca>
vlady: To: security-basics@securityfocus.com
vlady: Subject: hidden processes
vlady:
vlady: Hi,
vlady: One of my mashines is hacked and chkrootkit-0.40 tells me that I have 3
vlady: proccess hidden from "ps". All of my system binaries looks like beeing clean.
vlady: Using "netstat" I can see that there is not a lisenning servise other than the
vlady: services suppused to work on the machine.
vlady: I know that the best way to go further is to reinstall the machine but first I
vlady: would like to understand more of what have happend.
vlady:
vlady: My question is how can I see this 3 hidden processes.
vlady:
vlady: Cheers
vlady: Vlady
Have you tried 'lsof' or even 'lsof -i' ?
Thanks
Scott Birl http://concept.temple.edu/sysadmin/
Senior Systems Administrator Computer Services Temple University
====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*
---------------------------------------------------------------------------
----------------------------------------------------------------------------
- Previous message: Brad Hill - Quonic: "RE: IP address allocation"
- In reply to: Vlady: "hidden processes"
- Next in thread: Johnson, Kevin: "RE: hidden processes"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
