Full Disclosure mailing list archives
RE: Rootkit
From: "Conrado Zelaya" <czelaya () intermarks com>
Date: Fri, 26 Sep 2003 16:35:48 -0500
Try http://www.chkrootkit.org

-----Original Message-----
From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of David Hane
Sent: Friday, September 26, 2003 3:57 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Rootkit

Hi all,

I recently had a machine get hacked before I could finish installing all the damn remote-root exploit patches that have been released in the last week. I've done the forensics and I know how they got in and what they did but I would like to know what rootkit they used. Can anyone recommend a good scanner or info site where I can compare some of the binaries I saved (the machine has been wiped)?

Also, am I the only one who is totally exhausted from trying to keep up with the last couple of weeks' patch frenzy? I would have had my last server patched before the attack but things like sleep, food, and bathroom time got in the way :-)

Thanks for the help,
Dave

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Rootkit David Hane (Sep 26)
- RE: Rootkit Conrado Zelaya (Sep 26)
- Re: Rootkit B3r3n (Sep 26)
- Re: Rootkit David Hane (Sep 26)
- Re: Rootkit Danny Pansters (Sep 26)
- Re: Rootkit David Hane (Sep 26)
- Re: Rootkit Bruce Ediger (Sep 26)
- Re: Rootkit Paul Schmehl (Sep 26)
- Re: Rootkit Nate Hill (Sep 26)
- Re: Rootkit Soren Jacobsen (Sep 26)
- Re: Rootkit Paul Schmehl (Sep 26)
- Re: Rootkit Nate Hill (Sep 27)
- RE: Rootkit Marcus H. Sachs (Sep 26)
(Thread continues...)