On Thu, 6 Sep 2001 14:28:45 +0300 teo@gecadsoftware.com wrote:
Hi Martin! On Thu, 06 Sep 2001, Martin Peikert wrote:
Max Lindner
wrote: How can I see if he got in my system and deleted my folders? Can you say me, what signs indicate that he is already in my router. Is there a way to hide a programm from ps -axl?
Every rootkit will hide the cracker's activities - you can't trust ps, ls, top and others on your system any longer. If you want to detect a rootkit, try http://www.chkrootkit.org/
there is still a kind-of-ok source of information, namely the proc file system.
but indeed, you need a tool to systematicaly check for intrusion, and not make guesses.
-- teodor
The /proc filesystem will not be correct with some of the newer kernel module based rootkits... -- Viel Spaß Nix - nix@susesecurity.com http://www.susesecurity.com