Check the /tmp, /var/tmp and /dev/ directories for hacker files.  That
will provide some clues.  Try to run chkrootkit and bring in clean copies
of ps, netstat, find, ls, md5sum and other tools you may need to investigate
the incident.

Most hackers are sloppy, a quick:

find /dev -perm 755
will reveal any executables installed via a rootkit.  showtee is a popular
kit used against raqs as there are auto-exploit tools that use it.

Jeff
www.rackaid.com
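
An added example, not part of the original post: a small triage sweep built on the find check above. It goes slightly further than the one-liner by matching any execute bit on regular files only and by listing dot-prefixed entries. The FIND variable and the function names are assumptions made for this sketch; FIND lets you point at a clean copy of find brought in from trusted media.

```shell
#!/bin/sh
# Added example (not from the original post). Function names and the FIND
# variable are assumptions for this sketch.
# FIND may point at a known-good find binary copied from trusted media,
# since tools on a compromised host may be replaced by a rootkit.
FIND=${FIND:-find}

# exec_files ROOT
# Print regular files under ROOT that have any execute bit set.
# /dev should hold device nodes, symlinks and directories, so a regular
# executable file there deserves a closer look. -xdev keeps the walk on
# the filesystem ROOT lives on.
exec_files() {
    "$FIND" "$1" -xdev -type f \
        \( -perm -100 -o -perm -010 -o -perm -001 \) -print 2>/dev/null
}

# hidden_entries ROOT
# Print dot-prefixed files and directories under ROOT, which are easy to
# miss in a plain ls listing.
hidden_entries() {
    "$FIND" "$1" -xdev -name '.*' -print 2>/dev/null
}

# sweep ROOT...
# Run both checks over each directory given and label the output.
sweep() {
    for root in "$@"; do
        echo "== $root: regular files with an execute bit"
        exec_files "$root"
        echo "== $root: dot-prefixed entries"
        hidden_entries "$root"
    done
}

# Run only when directories are given, e.g.: sh sweep.sh /dev /tmp /var/tmp
if [ "$#" -gt 0 ]; then
    sweep "$@"
fi
```

Hits are leads to examine, not proof of compromise; /tmp and /var/tmp often hold legitimate dot-prefixed entries.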

