Re: Is this a compromise and how?

From: Frank van Maarseveen (F.vanMaarseveen@inter.NL.net)
Date: Thu Dec 14 2000 - 15:22:11 EST


On Thu, Dec 14, 2000 at 12:58:26AM -0800, Matthew Dharm wrote:
>
> I doubt that.... from this description, you've been hacked. Even if your
> /etc/inetd.conf is in good shape, it looks like someone got in.
>
> I'm guessing that your ls was also hijacked. You're using RedHat, so try
> the rpm -V command
Once hacked you can't trust anything. A malicious person might just
install RPMs for example.

Re-install is the only option.

Restore backups only after verifying that they do not re-install the
backdoors as well. This is where your current hacked system may be
useful. Something like The Coroner's Toolkit (?) written by Wietse Venema
(and others?) might help you determine at what date your system has
been hacked. Don't be surprised if you find multiple break-ins accumulated
over the years.

If you have (had) a network: attached systems may have been compromised
as well.

-- 
Frank
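The two steps Frank describes, dating the break-in from the compromised disk and checking a backup against that date before restoring it, as an added example that is not part of the original mail or of The Coroner's Toolkit. It is a minimal mactime-style timeline built from GNU find (the assumption of GNU find, sort and awk, and the mount points under /mnt, are mine, not the thread's), and it must be run from a clean rescue system against a read-only mount of the suspect disk, since the find, sort and ls binaries on the hacked install are exactly what a rootkit replaces.

```shell
#!/bin/sh
# Added example, not from the original thread: a minimal mactime-style file
# timeline over a read-only mount of the suspect disk (TCT's grave-robber and
# mactime do this far more thoroughly), plus two checks to run on a backup
# tree before restoring it. Assumes GNU find/sort/awk (an assumption, not
# stated in the mail). Run it from a clean rescue system, never from the
# compromised install.
export LC_ALL=C

# timeline DIR: print "epoch<TAB>kind<TAB>path" for every file's mtime (m) and
# ctime (c), oldest first. ctime is set by the kernel and cannot be backdated
# with touch, so it survives the usual "fix the timestamps" cleanup.
timeline() {
    find "$1" -xdev \( -type f -o -type l \) \
        -printf '%T@\tm\t%p\n' -printf '%C@\tc\t%p\n' 2>/dev/null | sort -n
}

# newer_than CUTOFF KIND DIR: paths whose KIND (m, c, or any) timestamp is at
# or after CUTOFF (epoch seconds). Point it at a mounted backup with the
# earliest break-in date from the timeline as CUTOFF to see what the restore
# would bring back from after the compromise.
newer_than() {
    timeline "$3" | awk -F'\t' -v c="$1" -v k="$2" \
        '$1 >= c && (k == "any" || $2 == k) { print $3 }' | sort -u
}

# backdated THRESHOLD DIR: files whose ctime is more than THRESHOLD seconds
# after their mtime. Noisy (package installs and chown/chmod do this too),
# but a binary under bin/ or sbin/ with an old mtime and a recent ctime is
# the signature of a trojan whose timestamps were "restored" with touch.
backdated() {
    find "$2" -xdev -type f -printf '%T@\t%C@\t%p\n' 2>/dev/null \
        | awk -F'\t' -v t="$1" '$2 - $1 > t { print $3 }' | sort
}

# Usage (mount points are placeholders):
#   timeline /mnt/suspect > /root/suspect.timeline
#   newer_than 976748400 any /mnt/backup      # everything touched after the cutoff
#   backdated 86400 /mnt/suspect/bin          # candidates for replaced binaries
```

Paths containing tabs or newlines will break the field splitting; on a real investigation use TCT's mactime output instead, and treat the timeline as a lead, not as proof: an attacker who set the system clock back can make mtime and ctime agree.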



This archive was generated by hypermail 2b29 : Fri Dec 15 2000 - 21:00:30 EST