Security Basics mailing list archives

Re: hidden processes


From: "Meritt James" <meritt_james () bah com>
Date: Thu, 31 Jul 2003 09:18:59 -0400

As a couple of untried thoughts, is 'ps' itself corrupted?  Will you get
the right thing with full-path specification?  And you may want to
(briefly - it is a space hog) turn on process accounting and take a look
at that.

BTW:  What does "hidden from ps" mean?

Jim

Vlady wrote:

Hi,
One of my machines is hacked and chkrootkit-0.40 tells me that I have 3
processes hidden from "ps". All of my system binaries look like being clean.
Using "netstat" I can see that there is not a listening service other than the
services supposed to work on the machine.
I know that the best way to go further is to reinstall the machine but first I
would like to understand more of what has happened.

My question is how can I see these 3 hidden processes.

Cheers
Vlady

---------------------------------------------------------------------------
----------------------------------------------------------------------------

-- 
James W. Meritt CISSP, CISA
Booz | Allen | Hamilton
phone: (410) 684-6566
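
One way to look for processes that are "hidden from ps", given here as an added example that is not part of the original messages: compare the PID list from ps, called by full path, with the numeric entries in /proc. PS_BIN, the function names and the --live argument are assumptions of this example, and a kernel-level rootkit that also filters /proc will not show up this way.

```shell
#!/bin/sh
# Added example: cross-view check for PIDs that exist in /proc but are absent from ps.
# PS_BIN is an assumption; point it at a ps binary you trust (e.g. from read-only media).
PS_BIN=${PS_BIN:-/bin/ps}

# Print PIDs listed in file $2 (second view) that are missing from file $1 (ps view).
# -x -F forces whole-line literal matches, so PID 34 is not masked by PID 345.
hidden_pids() {
    { grep -vxFf "$1" "$2" || true; } | sort -n -u
}

# View 1: what ps reports, called by full path so a planted ps earlier in PATH is bypassed.
ps_view() {
    "$PS_BIN" -e -o pid= | tr -d ' '
}

# View 2: numeric directory names in /proc, globbed by the shell itself (no ls binary).
proc_view() {
    for d in /proc/[0-9]*; do
        [ -d "$d" ] && echo "${d#/proc/}"
    done
    return 0
}

# Snapshot ps before and after reading /proc, diff the views, then re-check each
# candidate to drop short-lived processes that started or exited between snapshots.
live_scan() {
    tmp=$(mktemp -d) || return 1
    ps_view > "$tmp/ps1"
    proc_view > "$tmp/proc"
    ps_view > "$tmp/ps2"
    cat "$tmp/ps1" "$tmp/ps2" > "$tmp/ps"
    for pid in $(hidden_pids "$tmp/ps" "$tmp/proc"); do
        if [ -d "/proc/$pid" ] && ! "$PS_BIN" -p "$pid" -o pid= >/dev/null 2>&1; then
            echo "pid $pid in /proc but not in ps: $(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)"
        fi
    done
    rm -rf "$tmp"
}

# Run the live check only when asked: sh thisfile.sh --live
if [ "${1:-}" = "--live" ]; then
    live_scan
fi
```

Any PID it reports can then be examined through /proc/PID (exe, cwd, fd) before the machine is reinstalled.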
