Security Incidents mailing list archives

Re: How to determined which rootkit is using?

From: Antonio Carlos Pina <apina () infolink com br>
Date: Thu, 22 Feb 2001 23:18:27 -0300

I believe it can be t0rnkit.

There's a little but great utility called "chkrootkit" which you can use to
try to find out what rootkit is this. Since the homepage is written in
portuguese, I will give you the direct link. Go to:

http://www.pangeia.com.br/download.htm

and grab chkrootkit and chkdemonkit.

Best Regards,

Cordialmente,
Antonio Carlos Pina
Diretor de Tecnologia
INFOLINK Internet
http://www.infolink.com.br

----- Original Message -----
From: "happynbsl" <happynbsl () YAHOO COM>
To: <INCIDENTS () SECURITYFOCUS COM>
Sent: Wednesday, February 21, 2001 11:50 PM
Subject: How to determined which rootkit is using?

Hi All:
    I just found my server(RH 6.2 zoot)'s port 54321 is open, and telnet
localhost 54321 show:
    SSH.....

    I think someone have put rootkit in my server.am i right?

    Then How can i determined which kind of rootkit it is using?and How to
clear them?


    any suggestion is quite appreciated!
TIA
Mark


_________________________________________________________
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com

Current thread:

How to determined which rootkit is using? happynbsl (Feb 21)
- Re: How to determined which rootkit is using? Antonio Carlos Pina (Feb 22)