Re: root or openssh exploited?
From: Kev (kcf_nospam_maguire_at_yahoo.com)
Date: 03/27/04
- Previous message: Jem Berkes: "Re: root or openssh exploited?"
- In reply to: Jem Berkes: "Re: root or openssh exploited?"
- Next in thread: Jem Berkes: "Re: root or openssh exploited?"
- Reply: Jem Berkes: "Re: root or openssh exploited?"
- Reply: Randy Ramsdell: "Re: root or openssh exploited?"
Date: 27 Mar 2004 09:14:06 GMT
On 2004-03-27, Jem Berkes <jb@users.pc9.org> wrote:
> A useful tool is lsof... grab a fresh copy (run it off CD or whatever).
> It will show you open files for processes, including IPv4 sockets.
lsof can't see the process. As far as lsof is concerned, it doesn't exist.
It looks like it's the kernel that is hiding the process, this is not
just a hacked version of ps.
> I'm always very interested in actual network traffic. Using another box,
> have you tried looking for unauthorized traffic? (Network connections to
> foreign IPs, for instance)
Nothing strange that I can see, but can I really trust netstat/tcpdump
and the like?
Kev
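
The cross-view check this message points toward, as an added example that is not part of the original post: it compares what enumerating /proc lists (the view ps and lsof rely on) with direct per-PID probes and reports IDs that answer a probe but never appear in the listing. It assumes a Linux host with /proc; the function names are hypothetical, and because the kernel itself is suspect here, a hit or a clean run is only a lead to confirm from trusted media or another box.

```python
import os

def listed_ids(proc="/proc"):
    """Every PID and thread ID reachable by enumerating /proc."""
    ids = set()
    for name in os.listdir(proc):
        if name.isdigit():
            ids.add(int(name))
            try:  # threads appear only under task/, so collect them too
                ids.update(int(t) for t in os.listdir(f"{proc}/{name}/task"))
            except OSError:
                pass  # process exited while we were walking
    return ids

def pid_alive(pid):
    """Probe one PID with signal 0 (existence check, nothing is delivered)."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        pass  # exists, but owned by another user
    return True

def proc_lookup(pid, proc="/proc"):
    """Direct path lookup of /proc/<pid>, bypassing directory enumeration."""
    return os.path.exists(f"{proc}/{pid}")

def cross_view(listing, probes, max_pid, rounds=3):
    """Return {pid: [probe names]} for IDs a probe sees but every listing omits."""
    suspects = None
    for _ in range(rounds):  # repeat to filter processes that start mid-scan
        seen = listing()
        found = {}
        for pid in range(1, max_pid + 1):
            if pid not in seen:
                hits = [name for name, probe in probes.items() if probe(pid)]
                if hits:
                    found[pid] = hits
        suspects = found if suspects is None else {p: h for p, h in found.items() if p in suspects}
        if not suspects:
            break
    return suspects

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as f:
        limit = int(f.read())
    probes = {"kill0": pid_alive, "lookup": proc_lookup}
    for pid, hits in sorted(cross_view(listed_ids, probes, limit).items()):
        print(f"ID {pid} answers {hits} but is absent from the /proc listing")
```
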