[Cialug] Attack troubleshooting?
Dave Weis
djweis at internetsolver.com
Mon Feb 28 22:50:37 CST 2011
If it has a rootkit, those are probably trojaned. I've used `iptables -I OUTPUT -j LOG` in the past to see any traffic leaving the box.
> -----Original Message-----
> From: cialug-bounces at cialug.org
> [mailto:cialug-bounces at cialug.org] On Behalf Of Zachary Kotlarek
> Sent: Monday, February 28, 2011 10:49 PM
> To: Central Iowa Linux Users Group
> Subject: Re: [Cialug] Attack troubleshooting?
>
>
> On Feb 28, 2011, at 10:23 PM, L. V. Lammert wrote:
>
> > Any thoughts on how to isolate the cause? I finally got into the box
> > by playing with the firewall, but don't see any logins or anything
> > untoward in ps.
>
>
> `lsof` or `netstat` would give you a better idea what was
> using the network.
>
> Zach
>
>
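
Added example (not part of the original messages): a small Python parser for the syslog lines written by the `iptables -I OUTPUT -j LOG` rule mentioned above, summarising where the box is connecting without relying on `netstat` or `lsof` on the suspect host. The sample log lines, host name and function names are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample in the syslog format of the kernel LOG target (no --log-prefix,
# as in the command above). Host name and values are made up; IPs are RFC 5737 ranges.
SAMPLE_LOG = """\
Feb 28 22:41:07 box kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4211 DF PROTO=TCP SPT=51514 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 28 22:41:07 box kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=4212 DF PROTO=TCP SPT=51514 DPT=6667 WINDOW=92 RES=0x00 ACK URGP=0
Feb 28 22:41:08 box kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=203.0.113.53 LEN=71 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=UDP SPT=38112 DPT=53 LEN=51
Feb 28 22:41:09 box sshd[812]: Accepted publickey for admin from 192.0.2.50 port 40022 ssh2
Feb 28 22:41:12 box kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4290 DF PROTO=TCP SPT=51520 DPT=6667 WINDOW=5840 RES=0x00 SYN URGP=0
Feb 28 22:41:15 box kernel: IN= OUT=eth0 SRC=192.0.2.10 DST=192.0.2.25 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=977 DF PROTO=TCP SPT=40110 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")           # KEY=value pairs; value may be empty (IN=)
TCP_FLAG = re.compile(r"\b(SYN|ACK|FIN|RST|PSH)\b")  # flags are logged as bare words

def parse_line(line):
    """Return the fields of one outbound LOG line, or None for any other line."""
    fields = dict(FIELD.findall(line))
    if not fields.get("OUT") or "DST" not in fields or "PROTO" not in fields:
        return None
    fields["FLAGS"] = set(TCP_FLAG.findall(line))
    return fields

def new_flows(log_text):
    """Count outbound flows per (proto, dst, dport).

    TCP is counted once per connection attempt (SYN without ACK), so packets
    of an established session do not inflate the numbers; other protocols
    are counted per packet.
    """
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f is None:
            continue
        if f["PROTO"] == "TCP" and f["FLAGS"] != {"SYN"}:
            continue
        counts[(f["PROTO"], f["DST"], f.get("DPT", "-"))] += 1
    return counts

if __name__ == "__main__":
    for (proto, dst, dport), n in new_flows(SAMPLE_LOG).most_common():
        print(f"{n:4d}  {proto:4s} {dst}:{dport}")
```

Run it over a copy of the kernel log taken to a trusted machine (the log path varies by distribution), since the point of the rule is to avoid trusting userland tools on the suspect box.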