Security Basics mailing list archives

RE: hidden processes


From: Jech <jech () netvision net il>
Date: Fri, 01 Aug 2003 07:12:11 -0700

Hi folks,

I read in another mailing conference about this same problem. Try to go over
the archive of conferences in securityfocus and you will get your answer.

Jech.

-----Original Message-----
From: Birl [mailto:sbirl () temple edu] 
Sent: Thursday, July 31, 2003 6:40
To: security-basics () securityfocus com
Cc: security-basics () securityfocus com
Subject: Re: hidden processes


As it was written on Jul 30, thus Vlady spake unto security-basics@security...:

vlady:  Date: Wed, 30 Jul 2003 17:28:22 -0400
vlady:  From: Vlady <vlady () cyber2000 ca>
vlady:  To: security-basics () securityfocus com
vlady:  Subject: hidden processes
vlady:
vlady:  Hi,
vlady:  One of my machines is hacked and chkrootkit-0.40 tells me that I have 3
vlady:  processes hidden from "ps". All of my system binaries look like being clean.
vlady:  Using "netstat" I can see that there is not a listening service other than the
vlady:  services supposed to work on the machine.
vlady:  I know that the best way to go further is to reinstall the machine but first I
vlady:  would like to understand more of what has happened.
vlady:
vlady:  My question is how can I see these 3 hidden processes.
vlady:
vlady:  Cheers
vlady:  Vlady



Have you tried 'lsof' or even 'lsof -i' ?


Thanks

 Scott Birl
http://concept.temple.edu/sysadmin/
 Senior Systems Administrator            Computer Services   Temple University
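
One way to look for the processes chkrootkit reports, as an added example that is not part of the original thread: it asks the kernel about every possible PID with signal 0 and compares the answers with what a /proc listing and "ps" show, setting aside thread IDs of visible processes. The function names are made up for this example, and it assumes Linux with procfs and a procps-style "ps", run as root.

```python
# Added example: cross-view check for PIDs missing from "ps" or a /proc listing.
import os
import subprocess

def parse_ps(text):
    """PIDs from 'ps -e -o pid=' output (one number per line)."""
    return {int(tok) for tok in text.split() if tok.isdigit()}

def list_proc(root="/proc"):
    """PIDs that show up as numeric entries when /proc is listed."""
    return {int(name) for name in os.listdir(root) if name.isdigit()}

def alive(pid):
    """True if the kernel knows this ID; signal 0 only checks existence."""
    try:
        os.kill(pid, 0)
    except OSError as exc:
        return isinstance(exc, PermissionError)  # EPERM: exists, other owner
    return True

def tgid_of(pid, root="/proc"):
    """Thread-group leader of an ID, or None if its status file is unreadable."""
    try:
        with open(f"{root}/{pid}/status") as fh:
            return next(int(ln.split()[1]) for ln in fh if ln.startswith("Tgid:"))
    except (OSError, StopIteration):
        return None

def cross_view(probed, tgids, in_proc, in_ps):
    """Split probed IDs missing from a listing into (hidden PIDs, plain threads)."""
    hidden, threads = [], []
    for pid in sorted(probed - (in_proc & in_ps)):
        leader = tgids.get(pid)
        if leader not in (None, pid) and leader in in_proc and leader in in_ps:
            threads.append(pid)   # non-leader thread of a visible process
        else:
            hidden.append(pid)    # answers to kill() but is not listed
    return hidden, threads

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        pid_max = int(fh.read())
    probed = {p for p in range(1, pid_max + 1) if alive(p)}
    in_proc = list_proc()
    ps = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True, text=True)
    hidden, threads = cross_view(probed, {p: tgid_of(p) for p in probed},
                                 in_proc, parse_ps(ps.stdout))
    hidden = [p for p in hidden if alive(p)]  # drop processes that exited meanwhile
    print("candidate hidden PIDs:", hidden or "none")
    print("thread IDs skipped:", len(threads))
```

A kernel-level rootkit that also filters kill() will not show up here, and the "ps" on a compromised host may itself be modified, so an empty result does not prove the machine is clean.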