On Friday October 24 2003 02:33, Javier Fernández-Sanguino Peña wrote:
> On Thu, Oct 23, 2003 at 10:35:26AM -0500, Micah Anderson wrote:
> > Try the package "falselogin"
>
> That's not what I was looking for. I was looking for something that logged
> connection attempts, which falselogin does not.
On Friday October 24 2003 02:33, Javier Fernández-Sanguino Peña wrote:
> On Thu, Oct 23, 2003 at 10:35:26AM -0500, Micah Anderson wrote:
> > Try the package "falselogin"
>
> That's not what I was looking for. I was looking for something that logged
> connection attempts, which falselogin does not.
On Sun, 26 Oct 2003 (14:19), Nikolai Buer wrote:
> It could be a bug in the rootkit, but might it not also be a bug in
> the software?
I think the software bug is the right answer, I'm getting the same
result on my testing machine:
[EMAIL PROTECTED]:~$ ps aux | head
USER PID %CPU %
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sunday 26 October 2003 22:12, Laurent Corbes {Caf'} wrote:
>
> see bug #217525
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217525
>
> it's a kernel bug :/
>
Not sure about that. I have same kernel (2.4.20) but different procps (2.0.7-8
fro
On Sun, 26 Oct 2003 15:39:23 +0100
Daniele <[EMAIL PROTECTED]> wrote:
> On Sun, 26 Oct 2003 (14:19), Nikolai Buer wrote:
> > It could be a bug in the rootkit, but might it not also be a bug in
> > the software?
see bug #217525
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217525
it's a k
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sunday 26 October 2003 22:12, Laurent Corbes {Caf'} wrote:
>
> see bug #217525
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217525
>
> it's a kernel bug :/
>
Not sure about that. I have same kernel (2.4.20) but different procps (2.0.7-8
fro
On Sun, 26 Oct 2003 15:39:23 +0100
Daniele <[EMAIL PROTECTED]> wrote:
> On Sun, 26 Oct 2003 (14:19), Nikolai Buer wrote:
> > It could be a bug in the rootkit, but might it not also be a bug in
> > the software?
see bug #217525
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=217525
it's a k
On Sun, 26 Oct 2003 (14:19), Nikolai Buer wrote:
> It could be a bug in the rootkit, but might it not also be a bug in
> the software?
I think the software bug is the right answer, I'm getting the same
result on my testing machine:
[EMAIL PROTECTED]:~$ ps aux | head
USER PID %CPU %
On Sun, Oct 26, 2003 at 02:03:36PM +0100, Thomas Wana wrote:
> Hi,
>
> On Sunday 26 October 2003 13:42, Nikolai Buer wrote:
> >
> > The funny thing is that the PIDs in question here are so low. Moreover,
> > they're actually not hidden from ps, just set to 0 (impossible).
> >
>
> Line 1067 skips
Hi.
Chkrootkit gave me the following message:
Checking `lkm'... You have 4 process hidden for ps command
Warning: Possible LKM Trojan installed
So I did:
# chkrootkit -x lkm
ROOTDIR is `/'
###
### Output of: ./chkproc -v -v
###
PID 3: not in ps output
CWD 3: /
EXE 3: /
PID 4
On Sun, Oct 26, 2003 at 02:03:36PM +0100, Thomas Wana wrote:
> Hi,
>
> On Sunday 26 October 2003 13:42, Nikolai Buer wrote:
> >
> > The funny thing is that the PIDs in question here are so low. Moreover,
> > they're actually not hidden from ps, just set to 0 (impossible).
> >
>
> Line 1067 skips
Hi.
Chkrootkit gave me the following message:
Checking `lkm'... You have 4 process hidden for ps command
Warning: Possible LKM Trojan installed
So I did:
# chkrootkit -x lkm
ROOTDIR is `/'
###
### Output of: ./chkproc -v -v
###
PID 3: not in ps output
CWD 3: /
EXE 3: /
PID 4
12 matches
Mail list logo