Thanks for the reply, Jor - I'll check into this. When going through the man
pages for check-ps, it did state that the process of check-ps would be very
hard to kill. I guess it meant this directory and files in it. What I've
also noticed is that these directories get serialized after numerous
reboots. The reason is that I put this command in rc.local. The
serialization looks like this:
# . ???!??????000!! ??
# . ???!??????001!! ??
# . ???!??????002!! ??
# etc
The only program I know that can view these directories is the command-line
mc (something commander) - even then, the directory structure gets weirded
out and I sometimes need to do a reset in xterm. This leads to another segue
on Linux tips:
Do not leave your web browser always open on your shell/desktop - it may
provide 'windows of opportunity' for an exploit via it (just a hunch - or
maybe some facts behind it, anyone?)
Also, if a Unix program somehow gives an error such as a memory leak or
strange popup error and you've already checked the newsgroups and resources,
it can lead to several things:
  - missing/corrupted libraries
  - needs to be updated or recompiled
  - lost symlinks
  - it's been trojanized
Sorry that this has become off-topic from firewalls, but in essence, an
exploit through a firewall may produce these outcomes.
> > Now, I use a program called 'check-ps' that checks for proc's and ps's
> > structure and kills unknown processes. I'll let you know now that if you
> > install this program and do not daemonize it, it'll leave hard to delete
> > temp folders/directories like this:
> >
> > . ???!??????000!! ??
> >
> > Is that wild or what???!! Guess I'll need to contact the creator for tips
> > on these directory deletions.
>
> try rm ".*\?*" < removes any file beginning with a dot and containing a
> literal '?'.
> use rmdir or rm -r to get rid of misnamed directories...
>
> Note: this looks like a bad bug in the program, you should not run this one
> as root.
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
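
Added example, not part of the original message and not code from check-ps: shell functions for the cleanup discussed in this thread, covering the case where the '?' characters in the listing are ls placeholders for non-printable bytes rather than literal question marks (an assumption; the thread does not say which). The function names and the sample directory names are constructed for illustration, and the code relies on the GNU find and ls options -mindepth, -maxdepth and -b.

```shell
#!/bin/sh
# Added example: find and remove directory entries whose names contain
# non-printable bytes (shown as '?' by a plain ls). Names are hypothetical.

# Print "inode escaped-path" for every entry directly under DIR ($1) whose
# name holds a non-printable byte. ls -b shows those bytes as \ooo escapes.
list_odd_names() {
    LC_ALL=C find "$1" -mindepth 1 -maxdepth 1 -name '*[![:print:]]*' \
        -exec ls -dib -- {} \;
}

# Number of such entries under DIR ($1).
count_odd_names() {
    list_odd_names "$1" | wc -l | tr -d ' '
}

# Remove the entry under DIR ($1) with inode number $2, so the name never
# has to be typed or globbed. The -name test is repeated as a guard: an
# entry with a fully printable name is never removed, even if its inode
# number is passed in by mistake.
remove_by_inode() {
    case $2 in
        ''|*[!0-9]*) echo "inode must be numeric" >&2; return 2 ;;
    esac
    LC_ALL=C find "$1" -mindepth 1 -maxdepth 1 -xdev -inum "$2" \
        -name '*[![:print:]]*' -exec rm -rf -- {} +
}

# Constructed sample input: three "serialized" directories with control
# bytes in their names, one normal directory, and one directory whose name
# contains a literal, printable '?'.
make_sample() {
    for n in 000 001 002; do
        mkdir "$1/$(printf '.\001\002!\003%s!!' "$n")"
    done
    mkdir "$1/keep" "$1/.lit?eral"
}
```

Check the escaped names printed by list_odd_names before passing an inode number to remove_by_inode.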