Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: one of my servers has been compromized

From: Charles Morris <cmorris () cs odu edu>
Date: Tue, 6 Dec 2011 14:09:48 -0500
+1. Except instead of MD5 you want to use something that isn't garbage.

On Tue, Dec 6, 2011 at 1:18 PM, Paul Schmehl <pschmehl_lists () tx rr com> wrote:

A "poor man's" root kit detector is to take md5sums of critical system
binaries (you'd have to redo these after patching), and keep the list on an
inaccessible media (such as a thumb drive).  If you think the system is
compromised, run md5sum against those files, and you will quickly know.
You could even keep statically compiled copies on the thumb drive to use in
an investigation.



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: