On Sat, 10 Feb 2001, Togan Muftuoglu wrote:
Thomas Lamy wrote:
No, it's just your binaries are swapped with those from the root-kit, and these hide themselves... Get those binaries from a safe machine (better CD-ROM) into a temporary directory (for forensic analysis, do not overwrite any binaries nor reboot the machine!), and try it again with those safe binaries. You may also do an "rpm --verify -a > /tmp/some/file" to check the md5-hashes of all installed packages, to see if and which binaries on your system have been replaced by the attacker's root-kit.
(SH...T)
Ok, can I run these tools from my laptop connected to the f....ed machine via ethernet? (I can use the live CD, so those binaries on the laptop machine will not have the possibility to be hacked.)
On this point I'm curious. Could a 'root kit' propagate itself to uninfected hosts on a LAN after it infects the initial victim host? Protection inside a LAN is commonly lax, especially with everyone relying on firewalls to protect them. Are viruses like those seen in MSWorld the next thing? All along I've been smug telling my Windows using friends that I don't have these virus problems because Unix/Linux has access control. How long till that dish of crow gets served up?

best regards,
Gerard Bras
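
Added example, not part of the original thread or written by any of its participants: a small filter for the saved output of the "rpm --verify -a" command quoted above, listing non-config files whose digest no longer matches the package database, files that are missing, and files whose digest could not be computed. The function names and the sample lines are constructed for illustration; it assumes rpm itself was run from trusted media, as the quoted advice says.

```shell
#!/bin/sh
# Added example: triage saved `rpm --verify -a` output (file argument or stdin).
# Run rpm itself from trusted media; this only reads the text it produced.
triage_rpm_verify() {
    awk '
    {
        flags = $1
        rest = $0
        sub(/^[^ ]+ +/, "", rest)            # drop the first column
        marker = ""
        if (rest ~ /^[cdglr] +\//) {         # optional file-type marker, c = config
            marker = substr(rest, 1, 1)
            sub(/^[cdglr] +/, "", rest)
        }
        path = rest
    }
    flags == "missing" { print "MISSING " path; next }
    # Attribute column: 8 characters in older rpm, 9 in current versions
    flags !~ /^[SM5DLUGTP.?]+$/ || length(flags) < 8 { next }
    {
        digest = substr(flags, 3, 1)         # third character is the digest test
        if (digest == "5" && marker != "c")  # edited config files are expected
            print "REPLACED " path
        else if (digest == "?")              # digest could not be computed
            print "UNVERIFIED " path
    }' "$@"
}

# Constructed sample lines, not output from any real host.
sample_verify_output() {
    cat <<'EOF'
S.5....T   /bin/ls
S.5....T   /bin/ps
.......T c /etc/inittab
S.5....T c /etc/inetd.conf
missing    /usr/bin/top
..?.....   /sbin/ifconfig
.M......   /var/spool/mail
EOF
}

sample_verify_output | triage_rpm_verify
```

Config files with a changed digest are skipped here because administrators edit them routinely; review them separately against a known-good copy.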