Mailinglist Archive: opensuse-security (757 mails)

< Previous Next >
Re: [suse-security] I have been hacked, what to do now?
  • From: Boris Lorenz <bolo@xxxxxxx>
  • Date: Thu, 17 Jan 2002 16:46:09 +0100 (CET)
  • Message-id: <XFMail.020117164609.bolo@xxxxxxx>
Yup,

Markus: dsniff is not a root kit, nor a part of one. It's a network auditing
tool kit, which of course can be abused in certain ways (sniffing, MitM
attacks, etc.). More info about dsniff can be found on its home page:
http://www.monkey.org/~dugsong/dsniff .

Leo: You may want to check out parts of our SuSE security FAQ on
http://www.susesecurity.com/faq , see chapter "Incident Reporting".

> check ps,netstat,login and pstree . the one who hacked your machine replaces
> them to hide his intrusion.
> further search for tools like dsniff. dsniff is a rootkit.
> open this one`s ( ps,netstat,login and pstree ) with an asci editor. in some
> cases you can
> see plain text.
>
> greetz and fun,
> --
[...]

Boris
---

< Previous Next >
This Thread
References