Hi

On Tue, Dec 05, 2000 at 12:38:20PM +0100, Martin Geigl wrote:
> (Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)
>
> But I was root! My question now is, is this a standard comment of netstat or is there a "hidden" program running, which even root can't see (e.g. some trojan horse)?

alex@joker:~# strings $(which netstat ) | egrep "(processes|shown)"
(Not all processes could be identified, non-owned process info will not be shown, you would have to be root to see it all.)

So, this string is definitely included in the netstat binary. However, you cannot be sure whether you weren't compromised. What you could do is compile a new (best case is static) binary of netstat (better is lsof :)), copy it to the system and execute it (like lsof -i) to check if the system has been trojaned.

However, this behaviour is not normal. If you have an idea why this is spit out though you are root, mail it to the list.

MfG/Regards, Alexander

--
Alexander Reelsen http://joker.rhwd.de
ref@linux.com GnuPG: pub 1024D/F0D7313C sub 2048g/6AA2EDDB
ar@rhwd.net 7D44 F4E3 1993 FDDF 552E 7C88 EE9C CBD1 F0D7 313C
Securing Debian: http://joker.rhwd.de/doc/Securing-Debian-HOWTO
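
Added example, not part of the original message or of netstat: a cross-check that does not rely on the installed netstat binary, mapping listening TCP sockets to owning PIDs straight from /proc and reporting ports with no identifiable owner plus PIDs whose fd table could not be read. It assumes the Linux /proc layout; the function names and the `proc` parameter are illustrative.

```python
import os
import re

LISTEN = "0A"  # state code for LISTEN in /proc/net/tcp
SOCKET = re.compile(r"socket:\[(\d+)\]$")  # link target of a socket fd

def listening_sockets(proc="/proc"):
    """Return {inode: port} for listening TCP sockets (IPv4 and IPv6)."""
    socks = {}
    for name in ("tcp", "tcp6"):
        try:
            with open(os.path.join(proc, "net", name)) as fh:
                rows = fh.readlines()[1:]  # skip the header row
        except OSError:
            continue
        for row in rows:
            f = row.split()
            if len(f) > 9 and f[3] == LISTEN:
                socks[f[9]] = int(f[1].rsplit(":", 1)[1], 16)  # hex port
    return socks

def socket_owners(proc="/proc"):
    """Return ({inode: [pids]}, [pids whose fd directory was unreadable])."""
    owners, unreadable = {}, []
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except PermissionError:  # the case netstat's warning text describes
            unreadable.append(int(pid))
            continue
        except OSError:  # process exited while we were scanning
            continue
        for fd in fds:
            try:
                m = SOCKET.match(os.readlink(os.path.join(fd_dir, fd)))
            except OSError:  # fd closed while we were scanning
                continue
            if m:
                owners.setdefault(m.group(1), []).append(int(pid))
    return owners, unreadable

def audit(proc="/proc"):
    """Return (listening ports with no owning PID, unreadable PIDs)."""
    owners, unreadable = socket_owners(proc)
    ports = listening_sockets(proc)
    return sorted(p for i, p in ports.items() if i not in owners), sorted(unreadable)

if __name__ == "__main__":
    print("ownerless listening ports: %s; unreadable PIDs: %s" % audit())
```

Listeners owned by the kernel itself legitimately have no owning process, so an ownerless port is a lead to investigate rather than proof of compromise. The script reads the same /proc that netstat does, so it only removes dependence on the installed binary.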