Full Disclosure mailing list archives

Rootkit


From: David Hane <dlhane () sbcglobal net>
Date: Fri, 26 Sep 2003 13:57:14 -0700

Hi all,

I recently had a machine get hacked before I could finish installing all the 
damn remote-root exploit patches that have been released in the last week.
I've done the forensics and I know how they got in and what they did but I 
would like to know what rootkit they used.

Can anyone recommend a good scanner or info site where I can compare some of 
the binaries I saved (the machine has been wiped)?

Also, am I the only one who is totally exhausted from trying to keep up with 
the last couple of weeks' patch frenzy? I would have had my last server 
patched before the attack but things like sleep, food, and bathroom time got 
in the way :-)

Thanks for the help,

Dave

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

