civileme grabbed a keyboard and wrote:
> David Guntner wrote:
> >
> >Checking 'sniffer'... Checking 'wted'... 2 deletions found between {time}
> >and {time}
> >
> >Question: Based on this, is my system likely to have been compromised or
> >not? For that matter, what's wted?
>
> wted -- wtmp editor
>
> >
> http://www.cleo-and-nacho.com/cnd/text/hackkit.txt
>
> Reading the whole doc will be educational. The grammar isn't perfect
> but the message is unusually clear.

I'm reading it now, and I am not heartened by what I see....

Is there anything that could cause the checker to trip on that? I.E., is
there something else which could result in it thinking that something was
removed from wtmp?

I'm pretty careful in my password choices and am on the mandrake-security
announce list so that I know when a fix has been released (and I put it in
right away), so I'm really curious as to how someone could have gotten in,
installed that program, run it to cover up whatever else it was they did,
and then removed it.

And, I'm *not* enjoying the prospect of having to wipe and reinstall my
system.... :-/

Any other thoughts on the subject? Or is it just time to "push the button,
Max?" (Probably no one will get the joke, but I'm sure you understand the
meaning... :)

--Dave
--
David Guntner GEnie: Just say NO!
http://www.akaMail.com/pgpkey/davidg or key server
for PGP Public key