[Cialug] Attack troubleshooting?

David Champion dchamp1337 at gmail.com
Mon Feb 28 23:02:12 CST 2011


Run chkrootkit, and do an rpm -Va to see what binaries are broken. To be
sure, it's sometimes best to start over with a fresh install, but you want to
find how they got in and make sure that you're all patched up.
-dc
On Feb 28, 2011 10:57 PM, "Tim Wilson" <tim_linux at wilson-home.com> wrote:
> As Ken said, disconnect it from your network. I made the mistake of not
> disconnecting mine, and the @%$#$%# connected back in and wiped all traces
> of his presence. I thought I had locked him out, but he had left another
> backdoor that he used.
>
> On Mon, Feb 28, 2011 at 10:49 PM, Zachary Kotlarek <zach at kotlarek.com> wrote:
>
>>
>> On Feb 28, 2011, at 10:23 PM, L. V. Lammert wrote:
>>
>> > Any thoughts on how to isolate the cause? I finally got into the box by
>> > playing with the firewall, but don't see any logins or anything untoward
>> > in ps.
>>
>>
>> `lsof` or `netstat` would give you a better idea what was using the network.
>>
>> Zach
>>
>>
>
>
> --
> Tim
> Required reading: http://bccplease.com/
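
The `rpm -Va` check suggested at the top of this message prints one line per file that differs from the package database, and most of those lines are edited config files. The following is an added example, not code from the thread or from any poster: a filter that keeps only non-config files whose content digest, mode or ownership changed, or that are missing. The function names and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: triage `rpm -Va` output read from stdin.
# Prints "CONTENT <path>", "PERMS <path>" or "MISSING <path>" for
# non-config files; everything else is dropped as routine noise.
triage_rpm_verify() {
    awk '
    function rest(i,   p, j) {            # rejoin path fields (paths may hold spaces)
        p = $i
        for (j = i + 1; j <= NF; j++) p = p " " $j
        return p
    }
    $1 == "missing" {
        if ($2 ~ /^[cdglr]$/) next        # missing config/doc/ghost/license/readme
        print "MISSING " rest(2)
        next
    }
    # Attribute string: 8 characters on older rpm, 9 on newer (adds P).
    $1 ~ /^[SM5DLUGTP.?]+$/ && (length($1) == 8 || length($1) == 9) {
        if ($2 ~ /^[cdglr]$/) next        # edited config files are expected
        if (index($1, "5"))        print "CONTENT " rest(2)   # digest differs
        else if ($1 ~ /[MUG]/)     print "PERMS " rest(2)     # mode/owner/group
    }'
}

# Constructed sample output, not taken from the thread.
sample_rpm_va() {
    cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
S.5....T.    /bin/ps
..5....T.    /bin/netstat
.M.......    /usr/bin/passwd
.......T.    /usr/lib/python2.4/site.pyc
missing     /usr/sbin/example-tool
missing   c /etc/foo.conf
EOF
}

# On a real host: rpm -Va 2>/dev/null | triage_rpm_verify
```

The RPM database and the `rpm` binary live on the same host being checked, so a clean result from a compromised machine does not prove the binaries are intact; verifying from trusted boot media against the offline disk is more reliable.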