Security Incidents mailing list archives
Re: How to determined which rootkit is using?
From: Antonio Carlos Pina <apina () infolink com br>
Date: Thu, 22 Feb 2001 23:18:27 -0300
I believe it can be t0rnkit. There's a little but great utility called "chkrootkit" which you can use to try to find out what rootkit is this. Since the homepage is written in portuguese, I will give you the direct link. Go to: http://www.pangeia.com.br/download.htm and grab chkrootkit and chkdemonkit. Best Regards, Cordialmente, Antonio Carlos Pina Diretor de Tecnologia INFOLINK Internet http://www.infolink.com.br ----- Original Message ----- From: "happynbsl" <happynbsl () YAHOO COM> To: <INCIDENTS () SECURITYFOCUS COM> Sent: Wednesday, February 21, 2001 11:50 PM Subject: How to determined which rootkit is using?
Hi All: I just found my server(RH 6.2 zoot)'s port 54321 is open, and telnet localhost 54321 show: SSH..... I think someone have put rootkit in my server.am i right? Then How can i determined which kind of rootkit it is using?and How to clear them? any suggestion is quite appreciated! TIA Mark _________________________________________________________ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
Current thread:
- How to determined which rootkit is using? happynbsl (Feb 21)
- Re: How to determined which rootkit is using? Antonio Carlos Pina (Feb 22)