[lug] advice on possible rootkit
Ed Moxley
ed at moxleynet.com
Thu Mar 25 22:26:52 MST 2004
On Thu, 2004-03-25 at 19:54, pjr at ucar.edu wrote:
> I could use some advice about a possible root kit installed on a
> machine I own. The machine sits behind some serious firewalls, but
> our institution had some serious compromises in its security. There
> have been a few odd things taking place on the machine the last couple
> of days and I am being paranoid.
>
> Today I ran chkroot (version 0.40) on the machine. I got a diagnosis
> of "possible LKM trojan installed".
>
snip
> Can anybody offer me some advice?
>
> Thanks
>
> Phil
>
> --
> Phil Rasch, Climate Modeling Section, National Center for Atmospheric
> Research
> Mail --> P.O. Box 3000, Boulder CO 80307
> Shipping --> 1850 Table Mesa Dr, Boulder, CO 80305
> email: pjr at ucar.edu, Web: http://www.cgd.ucar.edu/cms/pjr
> Phone:303-497-1368, FAX: 303-497-1324
>
You might want to try some of the ideas here:
http://la-samhna.de/library/rootkits/detect.html
More information about the LUG
mailing list