
intrusion



You know what's irritating?  When you notice that an old box that's been
completely ignored and unprotected for a long time is getting a little
unstable, then when you run ps you get a list of processes that doesn't
include "ps" but instead includes "3".  Then, you look at most of the
binaries in your /bin directory, and the md5sum and timestamp aren't right
with the RPM database.  Furthermore, if you look at the binaries with
less, you see stuff about the upx binary packer:

sauer@host:~ > grep Info `which ps`
$Info: This file is packed with the UPX executable packer http://upx.sf.net $
sauer@host:~ > grep Id `which ps`
$Id: UPX 1.20 Copyright (C) 1996-2001 the UPX Team. All Rights Reserved. $

Sigh.  I guess that machine was really due for an upgrade anyway.  That
explains the slight instability it's had for the last year or so... :)

--Danny, pretty sure that SuSE didn't use upx on their old distribs, and
pretty sure that various rootkits do
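
Added example, not part of the original message: a small POSIX shell triage check that lists ELF files carrying UPX packer markers, as the grep on `ps` above did by hand. The function names are hypothetical, and the "UPX!" magic is an extra marker from UPX's pack header that the message itself does not mention.

```shell
#!/bin/sh
# Added example: flag ELF binaries that carry UPX packer markers.
# Usage (after sourcing this file): scan_upx /bin /sbin /usr/bin

is_elf() {
    # ELF files start with the four bytes 7f 45 4c 46 ("\177ELF").
    [ "$(head -c 4 "$1" 2>/dev/null | od -An -tx1 | tr -d ' \n')" = "7f454c46" ]
}

has_upx_marker() {
    # -a: read binary as text, -q: exit status only, -F: fixed strings.
    # First string is the $Info banner quoted in the message; "UPX!" is
    # the magic UPX writes into its pack header (assumption added here).
    LC_ALL=C grep -aqF \
        -e 'This file is packed with the UPX executable packer' \
        -e 'UPX!' "$1" 2>/dev/null
}

scan_upx() {
    # Print every regular file directly under the given directories that
    # is both ELF and UPX-marked. Returns 1 if any were found, else 0.
    found=0
    for dir in "$@"; do
        for f in "$dir"/*; do
            [ -f "$f" ] && [ -r "$f" ] || continue
            if is_elf "$f" && has_upx_marker "$f"; then
                printf '%s\n' "$f"
                found=1
            fi
        done
    done
    return "$found"
}
```

Marker strings are easy to strip, so an empty result does not clear a host. Run the check with tools from trusted media, since the host's own grep, head and od may have been replaced along with ps.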
