How to tell if your Linux box has been cracked
Results 1 to 4 of 4

Thread: How to tell if your Linux box has been cracked

  1. #1
    Senior Member
    Join Date
    May 2002
    Posts
    450

    How to tell if your Linux box has been cracked

    Found an interesting article the other day. I could not find if this had been posted before (and I apologise if it has) but I thought I would bring it to the attention of people here, it is especially helpful for Linux newbies interested in the security of their machines.

    The article deals with finding out if you have a trojaned process (in this case ps) and how to detect if a cracker has gained access to your Linux Box. The site also contains other interesting security related links worth a look.

    How to tell if your Linux Box has been cracked


    I hope someone finds the information useful.

  2. #2
    Leftie Linux Lover the_JinX's Avatar
    Join Date
    Nov 2001
    Location
    Beverwijk Netherlands
    Posts
    2,535
    nice post..

    thx ! !

    most of it was known, but a good read non-the-less..
    ASCII stupid question, get a stupid ANSI.
    When in Russia, pet a PETSCII.

    Get your ass over to SLAYRadio the best station for C64 Remixes !

  3. #3
    Senior Member
    Join Date
    Apr 2002
    Posts
    1,049
    since im a linux n00bie im looking for all the info i can get on it just now thanks for the link phatpenguin
    By the sacred **** of the sacred psychedelic tibetan yeti ....We\'ll smoke the chinese out
    The 20th century pharoes have the slaves demanding work
    http://muaythaiscotland.com/

  4. #4
    Senior Member
    Join Date
    Jul 2002
    Posts
    167
    Good link. One thing I've noticed playing around with lrk4 rootkit is unusual behavior of the trojanized telnet binary.

    A regular telnet login will look like this
    login:

    As with lrk4 the login will look like this
    eve login:

    Also when you have an incorrect login on a regular telnet server it will show you
    login incorrect.

    In the lrk4 rootkit it will show you the message
    root login refused on this terminal.

    Nate

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides