Security Basics mailing list archives
Re: hidden processes
From: Birl <sbirl () temple edu>
Date: Thu, 31 Jul 2003 09:39:35 -0400 (EDT)
As it was written on Jul 30, thus Vlady spake unto security-basics@security...: vlady: Date: Wed, 30 Jul 2003 17:28:22 -0400 vlady: From: Vlady <vlady () cyber2000 ca> vlady: To: security-basics () securityfocus com vlady: Subject: hidden processes vlady: vlady: Hi, vlady: One of my mashines is hacked and chkrootkit-0.40 tells me that I have 3 vlady: proccess hidden from "ps". All of my system binaries looks like beeing clean. vlady: Using "netstat" I can see that there is not a lisenning servise other than the vlady: services suppused to work on the machine. vlady: I know that the best way to go further is to reinstall the machine but first I vlady: would like to understand more of what have happend. vlady: vlady: My question is how can I see this 3 hidden processes. vlady: vlady: Cheers vlady: Vlady Have you tried 'lsof' or even 'lsof -i' ? Thanks Scott Birl http://concept.temple.edu/sysadmin/ Senior Systems Administrator Computer Services Temple University ====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====* --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- hidden processes Vlady (Jul 30)
- Re: hidden processes Meritt James (Jul 31)
- Re: hidden processes Daniel B. Cid (Jul 31)
- Re: hidden processes Erik Vincent (Jul 31)
- Re: hidden processes Birl (Jul 31)
- Re: hidden processes gminick (Jul 31)
- <Possible follow-ups>
- RE: hidden processes Johnson, Kevin (Jul 31)
- Re: hidden processes Meritt James (Jul 31)