Security Basics mailing list archives

Re: hidden processes

From: Birl <sbirl () temple edu>
Date: Thu, 31 Jul 2003 09:39:35 -0400 (EDT)

As it was written on Jul 30, thus Vlady spake unto security-basics@security...:

vlady:  Date: Wed, 30 Jul 2003 17:28:22 -0400
vlady:  From: Vlady <vlady () cyber2000 ca>
vlady:  To: security-basics () securityfocus com
vlady:  Subject: hidden processes
vlady:
vlady:  Hi,
vlady:  One of my mashines is hacked and chkrootkit-0.40 tells me that I have 3
vlady:  proccess hidden from "ps". All of my system binaries looks like beeing clean.
vlady:  Using "netstat" I can see that there is not a lisenning servise other than the
vlady:  services suppused to work on the machine.
vlady:  I know that the best way to go further is to reinstall the machine but first I
vlady:  would like to understand more of what have happend.
vlady:
vlady:  My question is how can I see this 3 hidden processes.
vlady:
vlady:  Cheers
vlady:  Vlady



Have you tried 'lsof' or even 'lsof -i' ?


Thanks

 Scott Birl                              http://concept.temple.edu/sysadmin/
 Senior Systems Administrator            Computer Services   Temple University
====*====*====*====*====*====*====*====+====*====*====*====*====*====*====*====*

---------------------------------------------------------------------------
----------------------------------------------------------------------------

Current thread:

hidden processes Vlady (Jul 30)
- Re: hidden processes Meritt James (Jul 31)
  - Re: hidden processes Daniel B. Cid (Jul 31)
- Re: hidden processes Erik Vincent (Jul 31)
- Re: hidden processes Birl (Jul 31)
- Re: hidden processes gminick (Jul 31)
- <Possible follow-ups>
- RE: hidden processes Johnson, Kevin (Jul 31)