Security Incidents mailing list archives

Re: Ramen detect script


From: "Michael H. Warfield" <mhw () WITTSEND COM>
Date: Thu, 18 Jan 2001 17:36:03 -0500

On Thu, Jan 18, 2001 at 08:55:52PM +0100, Patrick Oonk wrote:
> Hi,
>
> I made a small ramen detect perlscript for the casual user.
> It can be found at http://www.pine.nl/~patrick/chopstix.pl
>
> Notice I use netstat, but I don't know if the rootkit replaces
> it. I have no infected system to test.

        RootKit?  What root kit?  Unless you have a different
version of Ramen, I don't see a root kit in there anywhere
or anything that's attempting to clean up after it or hide it.

> The script can be found at http://www.pine.nl/~patrick/chopstix.pl,
> please post any improvements/comments/rants. YMMV
>
>       p.
>
> --
>  Patrick Oonk -  PO1-6BONE -  patrick () pine nl -  www.pine.nl/~patrick
>  Pine Internet  -  PAT31337-RIPE  -   Hushmail: p.oonk () my security nl
>  Tel: +31-70-3111010  -   Fax: +31-70-3111011   -  http://security.nl
>  PGPID 155C3934 fp DD29 1787 8F49 51B8 4FDF  2F64 A65C 42AE 155C 3934
>             * looking for modules for a USR TotalSwitch *
>  Excuse of the day: The salesman drove over the CPU board.

        Mike
--
 Michael H. Warfield    |  (770) 985-6132   |  mhw () WittsEnd com
  (The Mad Wizard)      |  (678) 463-0932   |  http://www.wittsend.com/mhw/
  NIC whois:  MHW9      |  An optimist believes we live in the best of all
 PGP Key: 0xDF1DD471    |  possible worlds.  A pessimist is sure of it!

