Security Incidents mailing list archives
Re: Ramen detect script
From: "Michael H. Warfield" <mhw () WITTSEND COM>
Date: Thu, 18 Jan 2001 17:36:03 -0500
On Thu, Jan 18, 2001 at 08:55:52PM +0100, Patrick Oonk wrote:
Hi,
I made a small ramen detect perlscript for the casual user. It can be found at http://www.pine.nl/~patrick/chopstix.pl
Notice I use netstat, but I don't know if the rootkit replaces it. I have no infected system to test.
RootKit? What root kit? Unless you have a different version of Ramen, I don't see a root kit in there anywhere or anything that's attempting to clean up after it or hide it.
The script can be found at http://www.pine.nl/~patrick/chopstix.pl, please post any improvements/commants/rants. YMMV
p. -- Patrick Oonk - PO1-6BONE - patrick () pine nl - www.pine.nl/~patrick Pine Internet - PAT31337-RIPE - Hushmail: p.oonk () my security nl Tel: +31-70-3111010 - Fax: +31-70-3111011 - http://security.nl PGPID 155C3934 fp DD29 1787 8F49 51B8 4FDF 2F64 A65C 42AE 155C 3934 * looking for modules for a USR TotalSwitch * Excuse of the day: The salesman drove over the CPU board.
Mike -- Michael H. Warfield | (770) 985-6132 | mhw () WittsEnd com (The Mad Wizard) | (678) 463-0932 | http://www.wittsend.com/mhw/ NIC whois: MHW9 | An optimist believes we live in the best of all PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Current thread:
- Ramen detect script Patrick Oonk (Jan 18)
- Re: Ramen detect script Michael H. Warfield (Jan 18)