l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2005 Feb 15 14:35

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox-tech] lugod.org cracked?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox-tech] lugod.org cracked?

Also, you will want to look at processes that are still running. Check out
inetd. Use your fu from /proc/PID/*exe* and dump to files and service
daemons. do a cmp of the dumped data with the actual executable on disk.
If the item in memory != app on disk, that is a sign that the service you
see may not be yours and they should be inspected more closely.

use lsof and look at what files are opened by various daemons-- especially
those you suspect of not being your own.

Odds are in favor that they still have a process running on your box and
it is set to auto-start on reboot and/or kill -- common to have a parent
process that does little and is called something like -bash whose only
purpose is to respawn the trojan upon termination.

You have a lot of work ahead of you.
Good luck :-)


ME said:
> 2 tools:
> 1) Rootkit with local exploits
> 2) IRC Relay with authentication and bounce... probably a file server for
> dcc requests of pr0n, movies, or music.
vox-tech mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
Sunset Systems
Who graciously hosts our website & mailing lists!