17 Jan
2002
17 Jan
'02
16:46
Yup, Markus: dsniff is not a root kit, nor a part of one. It's a network auditing tool kit, which of course can be abused in certain ways (sniffing, MitM attacks, etc.). More info about dsniff can be found on its home page: http://www.monkey.org/~dugsong/dsniff . Leo: You may want to check out parts of our SuSE security FAQ on http://www.susesecurity.com/faq , see chapter "Incident Reporting".
check ps,netstat,login and pstree . the one who hacked your machine replaces them to hide his intrusion. further search for tools like dsniff. dsniff is a rootkit. open this one`s ( ps,netstat,login and pstree ) with an asci editor. in some cases you can see plain text.
greetz and fun, -- [...]
Boris ---