Full Disclosure mailing list archives
Re: Rootkit
From: <kernelclue () hushmail com>
Date: Fri, 26 Sep 2003 14:53:41 -0700
Um, what operating system are you talking about? What remote root exploits? If it's a Linux variant, strings is your friend.

Also, I'm not sure if this is the proper forum for this type of question. One of the Security Focus mailing lists seems more appropriate.

On Fri, 26 Sep 2003 13:57:14 -0700 David Hane <dlhane () sbcglobal net> wrote:
Hi all,

I recently had a machine get hacked before I could finish installing all the damn remote-root exploit patches that have been released in the last week. I've done the forensics and I know how they got in and what they did but I would like to know what rootkit they used. Can anyone recommend a good scanner or info site where I can compare some of the binaries I saved (the machine has been wiped)?

Also, am I the only one who is totally exhausted from trying to keep up with the last couple of weeks' patch frenzy? I would have had my last server patched before the attack but things like sleep, food, and bathroom time got in the way :-)

Thanks for the help,
Dave
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html