Mailinglist Archive: opensuse-security (757 mails)

RE: [suse-security] I have been hacked, what to do now?
  • From: "EXTERN Schumacher Markus (Intern; AB/EBE)" <Markus.Schumacher@xxxxxxxxxxxx>
  • Date: Thu, 17 Jan 2002 09:56:06 -0500
  • Message-id: <63D8CF5FA6F0D411A53B0002A5136C67024A9213@xxxxxxxxxxxxxxxxxxxxxxx>
Hi

Try this:
http://www.chkrootkit.org/

It helped me a lot once :)

mARKUS


> -----Original Message-----
> From: Leo Rivas [mailto:leorivas@xxxxxxxxx]
> Sent: Thursday, January 17, 2002 10:51 AM
> To: engelhardtk@xxxxxxxxxxx; Suse Security
> Subject: Re: [suse-security] I have been hacked, what to do now?
>
>
> Hi Markus
> Checked those files but found nothing wrong yet (used vi and
> mcedit). What may I expect to find there?
> According to the log I sent, should I suppose the 'hacker'
> made an entry, or are those failed tries?
>
> Thanks
> Leo
>
>
> Markus Noch wrote:
>
> > hi,
> >
> > Check ps, netstat, login and pstree. The one who hacked your
> > machine replaces them to hide his intrusion.
> > Further, search for tools like dsniff. dsniff is a rootkit.
> > Open these (ps, netstat, login and pstree) with an
> > ASCII editor. In some cases you can
> > see plain text.
> >
> > greetz and fun,
> > --
> > -----------------------------------------------------
> > Markus Noch
> > bsk IT Systemhaus GmbH
> > .-. Tel.: +49 6241 / 94650-21
> > /v\ Klosterstrasse 23
> > // \\ 67547 Worms
> > /( )\
> > ^^-^^
> > _ _ _ _ ___ ____
> > | |__ ___| | __ | \ | |/ _ \ / ___|
> > | '_ \/ __| |/ /____| \| | | | | |
> > | |_) \__ \ <_____| |\ | |_| | |___
> > |_.__/|___/_|\_\ |_| \_|\___/ \____|
> > Network-Operation-Centre POP Worms
> > noc@xxxxxxxxxxx
> > ---Home is where ever those login prompts shine !----
> >
>
>
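
One way to check whether ps, netstat, login and pstree have been replaced is to compare them against checksums taken from a known-good copy. This is an added example, not part of the original messages: the function names and baseline format are hypothetical, the `good` and `suspect` trees are constructed stand-ins, and it assumes the script runs from a trusted environment against the mounted suspect disk.

```shell
#!/bin/sh
# Added example, not from the thread. Function names, paths and the
# baseline format ("<sha256>  <absolute path>") are assumptions.

# make_baseline ROOT PATH...  -> baseline lines for files under a trusted ROOT
make_baseline() {
    root=$1; shift
    for path in "$@"; do
        sum=$(sha256sum "$root$path" | cut -d' ' -f1)
        printf '%s  %s\n' "$sum" "$path"
    done
}

# verify_binaries BASELINE [ROOT]
# Prints OK, MODIFIED or MISSING per file; returns 1 if any file is not OK.
# ROOT is the mount point of the suspect disk (empty means the live system,
# whose own tools may already be untrustworthy).
verify_binaries() {
    baseline=$1; root=${2:-}; bad=0
    while read -r want path; do
        [ -n "$path" ] || continue
        if [ ! -f "$root$path" ]; then
            printf '%-8s %s\n' MISSING "$path"; bad=1; continue
        fi
        have=$(sha256sum "$root$path" | cut -d' ' -f1)
        if [ "$have" = "$want" ]; then
            printf '%-8s %s\n' OK "$path"
        else
            printf '%-8s %s\n' MODIFIED "$path"; bad=1
        fi
    done < "$baseline"
    return $bad
}

# demo: constructed stand-in files, not real binaries
demo() {
    tmp=$(mktemp -d)
    mkdir -p "$tmp/good/bin" "$tmp/suspect/bin"
    for b in ps netstat login pstree; do
        echo "original $b" > "$tmp/good/bin/$b"
        cp "$tmp/good/bin/$b" "$tmp/suspect/bin/$b"
    done
    echo "replaced" > "$tmp/suspect/bin/netstat"   # simulated replacement
    rm "$tmp/suspect/bin/pstree"                   # simulated removal
    make_baseline "$tmp/good" /bin/ps /bin/netstat /bin/login /bin/pstree > "$tmp/baseline"
    rc=0; verify_binaries "$tmp/baseline" "$tmp/suspect" || rc=$?
    rm -rf "$tmp"
    return $rc
}
```

On an RPM-based system such as SUSE, `rpm -Vf /bin/ps` performs a comparable check against the package database, provided rpm and its database are themselves trusted.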
