Security Incidents mailing list archives
Re: Possible tirpwire false alarm?
From: <ksemat () wawa eahd or ug>
Date: Mon, 15 Oct 2001 20:34:00 +0300 (EAT)
Well chkrootkit from http://www.chkrootkit.org and run it on your machine. I am also slightly confused here: <quote>
has been changed. Again the new changes shows no differences in md5sum on any of the 3 linux boxes here. One of which is a trusted fresh install.
</quote> Are you saying that a) There are no differences between the MD5sums on the new installs and yours or that b) There are differences between the new installs and your linux box? Also have you looked in your logs like lastlog,messages etc. A good cracker would have cleaned these up but you never know. What version of bind and other software that is open are you running? Noah. ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
Current thread:
- Possible tirpwire false alarm? Sebastian Ip (Oct 15)
- Re: Possible tirpwire false alarm? Berend De Schouwer (Oct 15)
- Re: Possible tirpwire false alarm? Sebastian Ip (Oct 15)
- Re: Possible tirpwire false alarm? Jose Nazario (Oct 15)
- Re: Possible tirpwire false alarm? [incidents] Stephen W. Thompson (Oct 15)
- Re: Possible tirpwire false alarm? ksemat (Oct 15)
- Re: Possible tirpwire false alarm? Sebastian Ip (Oct 15)
- Message not available
- Re: Possible tirpwire false alarm? Sebastian Ip (Oct 16)
- Re: Possible tirpwire false alarm? Berend De Schouwer (Oct 15)