Security Basics mailing list archives
RE: hidden processes
From: Jech <jech () netvision net il>
Date: Fri, 01 Aug 2003 07:12:11 -0700
Hi folks, I red in other mailing conference, about this same problem. Try to over the archiv of conferences in securityfocus and you will get your answer. Jech. -----Original Message----- From: Birl [mailto:sbirl () temple edu] Sent: Thursday, July 31, 2003 6:40 To: security-basics () securityfocus com Cc: security-basics () securityfocus com Subject: Re: hidden processes As it was written on Jul 30, thus Vlady spake unto security-basics@security...: vlady: Date: Wed, 30 Jul 2003 17:28:22 -0400 vlady: From: Vlady <vlady () cyber2000 ca> vlady: To: security-basics () securityfocus com vlady: Subject: hidden processes vlady: vlady: Hi, vlady: One of my mashines is hacked and chkrootkit-0.40 tells me that I have 3 vlady: proccess hidden from "ps". All of my system binaries looks like beeing clean. vlady: Using "netstat" I can see that there is not a lisenning servise other than the vlady: services suppused to work on the machine. vlady: I know that the best way to go further is to reinstall the machine but first I vlady: would like to understand more of what have happend. vlady: vlady: My question is how can I see this 3 hidden processes. vlady: vlady: Cheers vlady: Vlady Have you tried 'lsof' or even 'lsof -i' ? Thanks Scott Birl http://concept.temple.edu/sysadmin/ Senior Systems Administrator Computer Services Temple University ====*====*====*====*====*====*====*====+====*====*====*====*====*====*== ==*====* ------------------------------------------------------------------------ --- ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- ----------------------------------------------------------------------------
Current thread:
- RE: hidden processes Jech (Aug 01)