Firewall Wizards mailing list archives
Re: rpc.statd message log
From: Prashant Desai <prashant_secret () yahoo com>
Date: Wed, 30 Apr 2003 18:41:32 -0700 (PDT)
Don't forget to check the /dev dirs and history file/logs. Many times the intruder forgets to delete the history file and installs the bins under /dev.

Best of luck,
Prashant

--- Devdas Bhagat <devdas () dvb homelinux org> wrote:
> On 24/04/03 12:05 -0400, Robert E. Martin wrote:
> <snip>
> > I believe that the machine has been compromised, but do not find any
> > trace using cert.org recommended Intruder Detection Checklist. I have
>
> IIRC, you use Linux. What distro (RH 6.2?). Patch level?
> Run chkrootkit, and validate checksums for binaries from a clean booted
> system (not booted from the possibly compromised disk) using an
> alternate md5sum and kernel binary.
>
> > stopped the rpc.statd service, since we don't use
> > this at ALL!
>
> That should have been stopped as part of OS hardening itself.
>
> Devdas Bhagat
>
> > http://www.kb.cert.org/vuls/id/34043
> >
> > Any thoughts? Anyone?
> >
> > --
> > Robert E Martin
> > IT Manager
> > Fishburne Military School
> > rmartin () fishburne org
> > 540.946.7726

_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
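The two checks suggested in this thread (files installed under /dev, and the state of shell history files), as an added example that is not part of any poster's message. It assumes the suspect disk is mounted read-only at `root` from a cleanly booted system, as advised above; the function names, the `DEV_ALLOWED` list and the sample tree are constructed for illustration.

```python
import glob
import os
import stat
import tempfile

DEV_ALLOWED = {"MAKEDEV"}  # assumption: expected non-device names; adjust per distro
HISTORY_NAMES = (".bash_history", ".sh_history", ".history")

def scan_dev(root):
    """Regular files under <root>/dev; device nodes, symlinks and dirs are skipped."""
    findings = []
    for dirpath, _dirs, files in os.walk(os.path.join(root, "dev")):
        for name in files:
            path = os.path.join(dirpath, name)
            mode = os.lstat(path).st_mode  # lstat: never follow links on suspect media
            if stat.S_ISREG(mode) and name not in DEV_ALLOWED:
                kind = "executable" if mode & 0o111 else "regular file"
                findings.append((os.path.relpath(path, root), kind))
    return sorted(findings)

def scan_history(root):
    """State of each shell history file for root and every user under /home."""
    homes = [os.path.join(root, "root")] + sorted(glob.glob(os.path.join(root, "home", "*")))
    report = []
    for path in (os.path.join(h, n) for h in homes for n in HISTORY_NAMES):
        if not os.path.lexists(path):
            continue
        st = os.lstat(path)
        state = "not a regular file"
        if stat.S_ISREG(st.st_mode):
            state = "review, %d bytes" % st.st_size if st.st_size else "empty"
        report.append((os.path.relpath(path, root), state))
    return report

def build_sample(root):
    """Constructed tree standing in for the suspect disk mounted read-only."""
    files = {"dev/MAKEDEV": (b"#!/bin/sh\n", 0o755), "dev/pts/tool": (b"\x7fELF", 0o755),
             "dev/notes": (b"x", 0o644), "root/.bash_history": (b"", 0o600),
             "home/alice/.bash_history": (b"ls\nwho\n", 0o600)}
    for rel, (data, mode) in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as f:
            f.write(data)
        os.chmod(path, mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as sample_root:
        build_sample(sample_root)
        print(scan_dev(sample_root), scan_history(sample_root), sep="\n")
```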