On 13/04/2008, NN_il_Confusionario <[EMAIL PROTECTED]> wrote:
>
> On Sun, Apr 13, 2008 at 02:41:55PM +0100, Robin wrote:
> > unhide proc :- Which gives intermittent hidden processes
> > unhide sys :- [*]Searching for Hidden processes through getsid() scanning
> > Found HIDDEN PID: 16356
> > [*]Searching for Hidden processes through sched_getscheduler() scanning
> > Found HIDDEN PID: 17408
> > unhide brute :-[*]Starting scanning using brute force against PIDS
> > Found HIDDEN PID: 2216
> > Found HIDDEN PID: 2503
>
> You could also try
>
>     netstat -anp|less
>     unhide-tcp
>
> If someone hacked the box, probably a net process was used to enter and
> new net processes are spawned.
>
> Moreover:
>
>     apt-cache search forensic
>
>     Linkname: Securing Debian Manual
>     URL: http://www.debian.org/doc/user-manuals#securing
>
> might give further ideas

Thanks I'll investigate.

-- 
rob
http://www.worldcommunitygrid.org/team/viewTeamInfo.do?teamId=82BS4ZCMFR1
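The comparison behind the getsid() scan quoted above, as an added example that is not part of the thread and is not unhide's own code: it reports IDs that answer `getsid()` but stay absent from the `/proc` listing. The repeated passes (to drop processes that start or exit mid-scan) and the thread filter (on Linux, thread IDs answer `getsid()` but are not listed in `/proc`) are assumptions about what can make such results intermittent; all function names are hypothetical.

```python
import os

def listed_pids(proc_root="/proc"):
    """PIDs that a directory listing of /proc shows."""
    return {int(n) for n in os.listdir(proc_root) if n.isdigit()}

def answers_getsid(pid):
    """True if the kernel resolves this ID when asked via getsid()."""
    try:
        os.getsid(pid)
        return True
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # the task exists; we are just not allowed to query it

def is_thread(pid, proc_root="/proc"):
    """Thread IDs answer getsid() but are unlisted; Tgid != own ID marks them."""
    try:
        with open(f"{proc_root}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except OSError:
        pass  # no readable status file: cannot call it a thread
    return False

def scan(max_pid, passes=3, lister=listed_pids, probe=answers_getsid,
         thread=is_thread):
    """Return IDs that answer the syscall yet stay unlisted on every pass."""
    suspects = None
    for _ in range(passes):
        listed = lister()  # fresh listing each pass
        pool = range(1, max_pid + 1) if suspects is None else suspects
        # A process born after the listing is flagged once, then dropped
        # on the next pass; one that exited stops answering the probe.
        suspects = {p for p in pool
                    if p not in listed and probe(p) and not thread(p)}
    return sorted(suspects)

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        limit = int(fh.read())
    print("unlisted on every pass:", scan(limit))
```

An ID that survives every pass is a lead to follow up from trusted tooling or offline media, not proof of compromise on its own.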