The rpm verify option (rpm -Va ?) will compare the files to the ones in the rpmdb, but a skilled hacker could theoretically modify that as well...
The same goes for logs: any script kiddie runs the zap something script to erase himself from the logs the minute he gains root.
I'd run chkrootkit just to be on the safe side, but relax as well, trusting the statistics that say that most of the abuse going around in the networks is Windows related.
Lior

On 5/17/05, shlomo Solomon <[EMAIL PROTECTED]> wrote:
I'm sending this again because for some reason LISTAR rejected it saying I'm
not subscribed (although I am).

Due to a stupid error, my machine was running without a firewall for several
hours. After I corrected the error, I checked the logs and I see that (as
usual), my FW is rejecting about 200 packets an hour. Obviously, this means
that these packets were not being rejected for several hours and, as far as I
know, I have no way of knowing if any malicious packets got through (although
hopefully most of the attacks are meant for Windows).

What would be the best way to assess if any damage was done? Since all my
software was installed from RPMs (the MDK install, updates and a few that I
downloaded from various places), would running rpm --verify provide reliable
information? Or is there something else I should try?

I guess I should have set up tripwire or something similar a long time ago :-(

--
Shlomo Solomon
http://the-solomons.net
Sent by KMail 1.7.1 (KDE 3.2.3) on LINUX Mandrake 10.1

--
Peace Love and Penguins -
Lior Kesos
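
Added example, not part of the original thread: a small triage filter for `rpm -Va` output that ranks verification failures so changed binaries stand out from routine config edits. The sample lines are constructed and the severity labels are this example's own assumption; as noted in the reply above, the result is only as trustworthy as the rpmdb and rpm binary it is checked against.

```shell
#!/bin/sh
# Constructed sample of `rpm -Va` output (not taken from a real host).
sample_rpm_va() {
cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /bin/ls
.M.......    /usr/bin/passwd
missing      /usr/sbin/lsof
.......T.  d /usr/share/doc/foo/README
S.5....T.    /usr/lib/libexample.so.1
EOF
}

# Read `rpm -Va` output on stdin, print "SEVERITY reason path" per file.
# On a live host: rpm -Va | triage_rpm_va
triage_rpm_va() {
  awk '
    NF == 0 { next }
    { path = substr($0, index($0, "/")) }       # keeps paths with spaces
    $1 == "missing" { print "HIGH missing-file " path; next }
    # Skip anything that is not a verify-flag line (e.g. dependency notes).
    $1 !~ /^[SM5DLUGTP.?]+$/ { next }
    {
      flags = $1
      # Optional one-letter attribute: c=config, d=doc, g=ghost, ...
      attr = ($2 ~ /^[a-z]$/) ? $2 : "-"
      if (attr == "c" || attr == "g")
        print "REVIEW config-changed " path     # expected to drift, read by hand
      else if (index(flags, "5") > 0)
        print "HIGH content-changed " path      # digest differs from the rpmdb
      else if (flags ~ /[MUG]/)
        print "MEDIUM perms-changed " path      # mode, owner or group differs
      else
        print "LOW metadata-only " path         # e.g. mtime only
    }'
}

sample_rpm_va | triage_rpm_va
```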