Hi Richard,
Sorry, can't get any useful hint for your routing table.
But I'd very much like to know more about the rootkit and the
hole used for getting in your machine. As far as I understood,
you're running a firewall, so shouldn't be too easy for an
intruder? (read: I'm running an 8.2 too, and without a decent
firewall, so would like to know where to expect a hit from ,-)
Maybe a fix for it can make it into the next security update?
Good luck
Ed
--- Richard
I'm using SuSE 8.2. For several days I have noticed my /var/log/messages file has been devoid of the usual messages indicating someone has been looking at my ports.
I'm using Shorewall and dropping everything but what I need, yet no more notices in the message file.
Today I looked at my route and got this:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    192.168.1.0     *               255.255.255.0   U     0      0        0 eth0
    user-0ceicg0.ca *               255.255.254.0   U     0      0        0 eth1
    default         user-0ceicg1.ca 0.0.0.0         UG    0      0        0 eth1

I had never seen the user-0ceicg1.ca thing. eth1 is my connection to the net via cable modem.
A few weeks ago I discovered I had been rootkitted and reformatted and reinstalled everything on this machine.
Does anyone recognise what has happened to my route tables?
TIA
Richard