Re: Linux Backdoor
From: smg (no@thankyou.com)
Date: 11/30/02
- Next message: mikere: "Re: Being attacked but don't know how"
- Previous message: those who know me have no need of my name: "Re: who owns IP"
- In reply to: Nicholas Johnson: "Linux Backdoor"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: "smg" <no@thankyou.com> Date: Sat, 30 Nov 2002 04:05:09 GMT
"Nicholas Johnson" <njohnson@csh.rit.edu> wrote in message
news:Pine.SOL.4.31.0211290123230.26146-100000@fury.csh.rit.edu...
>
> What should I look for if I think there is a backdoor installed on my box?
Hello
The advice about using "chkrootkit" is good. Try it out and see if it finds
anything on your system. . This will be the easiest approach and will catch
about 95% of all hacked systems, in my experience at least.
>From the outside looking in, you could also try using a port scanner to see
that
what ports are open/accepting connections and then compare them to the known
services you are running. This can be daunting for a newcomer but it tends
to be
an invaluable lesson, well worth the effort to investigate each port to
determine if
there are in fact "backdoors" open on your host. At the same time, you will
learn
lots about services and ports.
NMAP is a great portscanning tool and is relatively easy to use.
www.insecure.org/nmap
Good luck,
smg
- Next message: mikere: "Re: Being attacked but don't know how"
- Previous message: those who know me have no need of my name: "Re: who owns IP"
- In reply to: Nicholas Johnson: "Linux Backdoor"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
