On Tue, 5 Dec 2000, Martin Geigl wrote:
Hi all,
had an attack attempt a few days ago via the kstatd, but it seemed to me it wasn't successfull. I did an netstat -p to check and got the following:
(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
But I was root! My question now is, is this a standard comment of netstat or is there a "hidden" program running, which even root can't see (e.g. some trojan horse)?
AFAIK it just means what it says: netstat can't identify all running processes. Maybe not the best choice of words, but no trojan causing it. If you're afraid you've been hacked, check out CERT's checklist (www.cert.org). It has a number of steps you can check. For instance checking the md5sum of ps, ls etc.
Thanks in Advance Martin --
Stefan