The guy who hacked me didn't seem too concerned about not being noticed. The replacement ps would not allow me to kill any processes (including the ones he was running). There was enough log information left that I could trace the intrusion and even the ISPs hub it came from and I reported it to the ISP, although I don't know of they followed it up. If he was clever, he was going through some innocent person's computer already, which would have pretty well covered his tracks.
In this case, there were only three or four passwords in the system, so I wasn't too worried about that. Tripwire would be fine, if it had a baseline, but I don't think its any good after the fact. Wilton
_______________________________________________ -- Bandwidth and Colocation Provided by http://www.api-digital.com -- asterisk-users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
