intrusion detected
J.Markoll
j.markoll at free.fr
Mon Aug 8 18:13:16 UTC 2005
> J.Markoll wrote:
>> Matt Patterson a écrit :
[...]
Matt Patterson a écrit :
> The best tools for checking zombifying is just looking at hte running
> processes.
Please, what does 'hte' here means ? I looked in 5 or 6 dictionnaries on
line and don't find any logical answer in the context here. It does not
mean 'High-temperature electrolysis' for sure ?
> If you have some random process consuming lots of resources
> and you can't identify it, might be worth looking into.
Could you give examples for random processes also ? what is
the method to look in these processes ? scan the repertory the
process binary belongs to, maybe ?
> You can use nmap
> to scan your open ports, make sure no new ones open without your
> consent. If you are getting tons of popups you probably have some
> spyware/malware.
If you don't have popups (Firefox helps... ) does it mean no zombie
can be present ?
> There are also a couple of rootkit checkers in the
> package system.
Are zombies always in the shape of a trojan that a rootkit checker
can recognise ?
Apart chkrootkit that needs just to be invoked with sudo,
what else that does not look like a geek party before being able to
use it ? :)
> Matt
Thanks, J.Markoll.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 256 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-users/attachments/20050808/86b10f8e/attachment.sig>
More information about the ubuntu-users
mailing list