[Cialug] Rootkit?
Nathan C. Smith
nathan.smith at ipmvs.com
Thu Jan 31 20:35:07 CST 2008
It wasn't me. Even though I may look like I ate it. ;)
> -----Original Message-----
> From: Nathan Stien [mailto:nathanism at gmail.com]
> Sent: Thursday, January 31, 2008 8:34 PM
> To: Central Iowa Linux Users Group
> Subject: Re: [Cialug] Rootkit?
>
> I wrote out a reply to Nate's response, but something ate it
> before it went out. I have no idea.
>
> Anyways, here's some more info:
>
> The machine is a laptop running Kubuntu gutsy.
>
> It runs no internet-facing services. Nmapping it reveals
> nothing listening out of the ordinary. Just smbd, cupsd, and sshd.
>
> However, with iftop I see traffic heading out to 224.0.0.251.
> I have no idea what that is. Something to do with multicast?
>
> I've also been getting plenty of lines like this in my syslog:
>
> Jan 31 20:17:54 wintermute kernel: [110435.910602] TKIP: received packet without ExtIV flag from 00:16:b6:0d:21:22
>
> I know of no machine of mine with that MAC address.
>
> - Nathan
> _______________________________________________
> Cialug mailing list
> Cialug at cialug.org
> http://cialug.org/mailman/listinfo/cialug
>