Bugtraq mailing list archives

check-ps 1.2 pre-release

From: dps () IO STARGATE CO UK (Duncan Simpson)
Date: Thu, 7 May 1998 02:16:08 +0100


It is an age since I last announced this program and I should have got back
sooner. Better late than never.

check-ps is a program that tries to blend in with the background and runs ps
every so often (as nobody). It compiles its own list and compares the two. If
suspect differeneces turn up it yells at the administrator by email via
another machine (it uses port 25 to avoif local logs). It will optionally kill
the processes.

Anti=race condition code is there but it has not been tested much.

The code is avialable by anonymous ftp from mars.astra.co.uk in the pub/word2x
directory. Any relationship with the previous version of eons ago is remote.
Much of the size is due to massive paranioa coding everywhere. On linux it
will probably tell you where the cracker is connecting from if he/she overruns
a buffer of a network service and the local port number (so you know exactly
which service was involved too...)


--
Duncan (-:
"software industry, the: unique industry where selling substandard goods is
legal and you can charge extra for fixing the problems."

Current thread:

Re: [MORE] Lynx's 2.x buffers overflows Bela Lubkin (May 06)
- check-ps 1.2 pre-release Duncan Simpson (May 06)
- Re: [MORE] Lynx's 2.x buffers overflows Theo de Raadt (May 06)
- admintool mode 0777 in Solaris 2.6 HW3/98 Paul B. Henson (May 07)
- nestea2 and HP Jet Direct cards. Damon Petta (May 07)
  - Re: nestea2 and HP Jet Direct cards. MrMurphy (May 08)
  - Re: nestea2 and HP Jet Direct cards. Ben Woodard (May 20)
    - Re: nestea2 and HP Jet Direct cards. (Lexmark patches) Ben Woodard (May 22)
    - Exploit: Windows95/98/ (NT?) Autorun Matt Hallacy (May 22)
- ircnn-1.3devel problems Warren Rees (May 08)