intrusion detected

J.Markoll j.markoll at free.fr
Mon Aug 8 18:13:16 UTC 2005


 > J.Markoll wrote:
 >> Matt Patterson wrote:
[...]

Matt Patterson wrote:
> The best tools for checking zombifying is just looking at hte running 
> processes. 
Please, what does 'hte' mean here? I looked in 5 or 6 dictionaries
online and did not find any logical answer in the context here. It does not
mean 'High-temperature electrolysis' for sure?

> If you have some random process consuming lots of resources 
> and you can't identify it, might be worth looking into.
Could you also give examples of random processes? What is
the method to look into these processes? Scan the directory the
process binary belongs to, maybe?

> You can use nmap 
> to scan your open ports, make sure no new ones open without your 
> consent. If you are getting tons of popups you probably have some 
> spyware/malware.
If you don't have popups (Firefox helps...), does it mean no zombie
can be present?

> There are also a couple of rootkit checkers in the 
> package system.
Are zombies always in the shape of a trojan that a rootkit checker
can recognise?

Apart from chkrootkit, which just needs to be invoked with sudo,
what else is there that does not look like a geek party before being able to
use it? :)

> Matt
Thanks, J.Markoll.
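
Added example (not part of the original message): one way to act on the nmap advice quoted above is to save a baseline scan in grepable format (`nmap -oG FILE`) and list the ports that are open in a later scan but were not open in the baseline. The function names and the two sample scans are constructed for illustration.

```shell
#!/bin/sh
# open_ports FILE: print "port/proto" for each open port in nmap grepable output.
open_ports() {
    LC_ALL=C awk -F'\t' '
        /^Host:/ {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                list = $i
                sub(/^Ports: /, "", list)
                n = split(list, entry, /, */)
                for (j = 1; j <= n; j++) {
                    # entry fields: port/state/protocol/owner/service/...
                    split(entry[j], f, "/")
                    if (f[2] == "open") print f[1] "/" f[3]
                }
            }
        }' "$1" | LC_ALL=C sort -u
}

# new_ports BASELINE CURRENT: ports open in CURRENT that BASELINE did not have.
new_ports() {
    np_base=$(mktemp) && np_cur=$(mktemp) || return 1
    open_ports "$1" > "$np_base"
    open_ports "$2" > "$np_cur"
    LC_ALL=C comm -13 "$np_base" "$np_cur"
    rm -f "$np_base" "$np_cur"
}

# demo: run the comparison on two constructed scans (not output from a real host).
demo() {
    d=$(mktemp -d) || return 1
    printf 'Host: 127.0.0.1 (localhost)\tStatus: Up\n' > "$d/base.gnmap"
    printf 'Host: 127.0.0.1 (localhost)\tPorts: 22/open/tcp//ssh///, 631/open/tcp//ipp///\tIgnored State: closed (998)\n' >> "$d/base.gnmap"
    printf 'Host: 127.0.0.1 (localhost)\tStatus: Up\n' > "$d/now.gnmap"
    printf 'Host: 127.0.0.1 (localhost)\tPorts: 22/open/tcp//ssh///, 25/filtered/tcp//smtp///, 631/open/tcp//ipp///, 6667/open/tcp//irc///\tIgnored State: closed (996)\n' >> "$d/now.gnmap"
    new_ports "$d/base.gnmap" "$d/now.gnmap"
    rm -rf "$d"
}

demo   # lists the one port that is newly open in the second scan
```

A port that shows up here is only a prompt to find out which process owns it; a scan run from the machine itself can also be misled if that machine is already compromised, so scanning from a second host is the stronger check.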

