civileme grabbed a keyboard and wrote:
> David Guntner wrote:
> >
> >Checking 'sniffer'... Checking 'wted'... 2 deletions found between {time}
> >and {time}
> >
> >Question: Based on this, is my system likely to have been compromised or
> >not? For that matter, what's wted?
>
> wted -- wtmp editor
>
> http://www.cleo-and-nacho.com/cnd/text/hackkit.txt
>
> Reading the whole doc will be educational. The grammar isn't perfect
> but the message is unusually clear.

I'm reading it now, and I am not heartened by what I see....

Is there anything that could cause the checker to trip on that? I.e., is there something else which could result in it thinking that something was removed from wtmp? I'm pretty careful in my password choices and am on the mandrake-security announce list so that I know when a fix has been released (and I put it in right away), so I'm really curious as to how someone could have gotten in, installed that program, run it to cover up whatever else it was they did, and then removed it.

And, I'm *not* enjoying the prospect of having to wipe and reinstall my system.... :-/

Any other thoughts on the subject? Or is it just time to "push the button, Max?" (Probably no one will get the joke, but I'm sure you understand the meaning... :)

--Dave
--
David Guntner GEnie: Just say NO!
http://www.akaMail.com/pgpkey/davidg or key server for PGP Public key
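
Added example, not part of the original thread and not the checker's own code: a sketch that reproduces a report like "2 deletions found between {time} and {time}" from a wtmp file, so the flagged window can be inspected by hand. It assumes the checker counts records whose timestamp is zero and assumes the 384-byte Linux glibc record layout; the function names and the sample records are constructed for illustration.

```python
import struct

# Assumed layout of one Linux glibc utmp/wtmp record (384 bytes):
# type, pad, pid, line, id, user, host, exit(2), session, tv_sec, tv_usec, addr(4), unused
REC = struct.Struct("<hxxi32s4s32s256shhiii4i20x")
TV_SEC = 9  # index of tv_sec in the unpacked tuple


def make_record(user, line, ts, ut_type=7):
    """Build one constructed record for the sample data (7 = USER_PROCESS)."""
    return REC.pack(ut_type, 1000, line.encode(), b"", user.encode(),
                    b"", 0, 0, 0, ts, 0, 0, 0, 0, 0)


def find_zeroed_runs(data):
    """Return (count, ts_before, ts_after) for each run of zero-timestamp records."""
    runs, count, before, last_ts = [], 0, None, None
    usable = len(data) - len(data) % REC.size  # ignore a truncated tail
    for off in range(0, usable, REC.size):
        ts = REC.unpack_from(data, off)[TV_SEC]
        if ts == 0:
            if count == 0:
                before = last_ts  # last valid timestamp seen before the run
            count += 1
            continue
        if count:
            runs.append((count, before, ts))
            count = 0
        last_ts = ts
    if count:  # run reaches end of file: no later timestamp to report
        runs.append((count, before, None))
    return runs


# Constructed sample: two valid logins, two zeroed records, one valid login.
SAMPLE = b"".join([
    make_record("dave", "tty1", 1000000000),
    make_record("dave", "pts/0", 1000000600),
    bytes(REC.size),
    bytes(REC.size),
    make_record("root", "tty2", 1000003600),
])

if __name__ == "__main__":
    for count, before, after in find_zeroed_runs(SAMPLE):
        print(f"{count} zeroed record(s) between {before} and {after}")
```

Run against a copy of the real file (read its bytes and pass them to find_zeroed_runs) to get the time window to compare with other logs for the same period.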