[Cialug] Rootkit?
Nathan Stien
nathanism at gmail.com
Thu Jan 31 20:33:54 CST 2008
I wrote out a reply to Nate's response, but something ate it before it
went out. I have no idea.
Anyway, here's some more info:
The machine is a laptop running Kubuntu gutsy.
It runs no internet-facing services. Nmapping it reveals nothing out of
the ordinary listening: just smbd, cupsd, and sshd.
However, with iftop I see traffic heading out to 224.0.0.251. I have
no idea what that is. Something to do with multicast?
I've also been getting plenty of lines like this in my syslog:

Jan 31 20:17:54 wintermute kernel: [110435.910602] TKIP: received packet without ExtIV flag from 00:16:b6:0d:21:22
I know of no machine of mine with that MAC address.
- Nathan
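Added triage script for the two observations above; this is not code from the post or the Cialug list. It classifies the iftop destination (224.0.0.251 is the multicast DNS group, which on an Ubuntu desktop is usually Avahi's zeroconf announcements) and parses "TKIP: received packet without ExtIV flag" kernel lines, counting frames per transmitter MAC that is not in a known-device list. The syslog sample, the KNOWN_MACS set and the second MAC 00:1a:2b:3c:4d:5e are constructed for the example; only the first log line is the one quoted above.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample: the syslog line quoted in the post plus invented lines
# (a repeat, a second hypothetical transmitter MAC, and an unrelated sshd entry).
SAMPLE_SYSLOG = """\
Jan 31 20:17:54 wintermute kernel: [110435.910602] TKIP: received packet without ExtIV flag from 00:16:b6:0d:21:22
Jan 31 20:18:01 wintermute kernel: [110442.417332] TKIP: received packet without ExtIV flag from 00:16:b6:0d:21:22
Jan 31 20:18:30 wintermute kernel: [110471.002118] TKIP: received packet without ExtIV flag from 00:1a:2b:3c:4d:5e
Jan 31 20:19:00 wintermute sshd[4242]: Accepted publickey for nathan from 192.168.1.5 port 52222 ssh2
"""

# Hypothetical inventory of wireless devices the owner knows about
# (access point plus one other laptop); not taken from the post.
KNOWN_MACS = {"00:0c:29:aa:bb:cc", "00:0c:29:11:22:33"}

# Matches the mac80211/ieee80211 kernel message format shown in the post.
TKIP_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<host>\S+) kernel: "
    r"\[\s*(?P<uptime>\d+\.\d+)\] TKIP: received packet without ExtIV flag "
    r"from (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})$",
    re.IGNORECASE,
)


def tkip_events(text):
    """Yield one dict (ts, host, uptime, mac) per ExtIV-less TKIP kernel line."""
    for line in text.splitlines():
        m = TKIP_RE.match(line.strip())
        if m:
            ev = m.groupdict()
            ev["mac"] = ev["mac"].lower()
            yield ev


def unknown_tkip_senders(text, known_macs):
    """Count ExtIV-less TKIP frames per transmitter MAC not in known_macs."""
    known = {m.lower() for m in known_macs}
    return Counter(ev["mac"] for ev in tkip_events(text) if ev["mac"] not in known)


# IPv4 multicast groups a stock desktop stack talks to without being asked.
WELL_KNOWN_MULTICAST = {
    "224.0.0.1": "all-hosts group (IGMP)",
    "224.0.0.251": "mDNS / multicast DNS (Avahi, UDP 5353)",
    "224.0.0.252": "LLMNR (UDP 5355)",
    "239.255.255.250": "SSDP / UPnP discovery (UDP 1900)",
}


def classify_destination(addr):
    """Explain what a destination address seen in iftop most likely is."""
    ip = ipaddress.ip_address(addr)
    if ip.version == 4 and ip.is_multicast:
        if addr in WELL_KNOWN_MULTICAST:
            return "multicast: " + WELL_KNOWN_MULTICAST[addr]
        if ip in ipaddress.ip_network("224.0.0.0/24"):
            return "multicast: link-local control group (never routed)"
        return "multicast: other group"
    if ip.is_loopback:
        return "unicast: loopback"
    if ip.is_private:
        return "unicast: private address (RFC 1918)"
    return "unicast: public address"


if __name__ == "__main__":
    print("224.0.0.251 ->", classify_destination("224.0.0.251"))
    for mac, n in unknown_tkip_senders(SAMPLE_SYSLOG, KNOWN_MACS).most_common():
        print(f"{mac}: {n} ExtIV-less TKIP frame(s) from a transmitter not in KNOWN_MACS")
```

Run against the real syslog (`python3 triage.py < /var/log/syslog` after swapping SAMPLE_SYSLOG for stdin) and fill KNOWN_MACS with the access point's BSSID and your own adapters. The MAC in the TKIP line is the 802.11 transmitter address of the received frame, so the useful next step is to compare it against the BSSIDs and stations that `iwlist scan` or a sniffer shows on the same channel; the script only tells you which addresses are unaccounted for, not why they are sending.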