Article 8424 at 06/12/31 01:38:40 From: arturs (at mark) netvision.net.il Subject: [coba-e:08424] Re: System hacked?!?!?

Index: [Article Count Order] [Thread]

Date:  Sat, 30 Dec 2006 18:35:13 +0200
From:  Arthur Sherman <arturs (at mark) netvision.net.il>
Subject:  [coba-e:08424] Re: System hacked?!?!?
To:  coba-e (at mark) bluequartz.org
Message-Id:  <018b01c72c30$7b34d1e0$3701a8c0@lapxp>
In-Reply-To:  <1486c6440612291900p3c2368c6xbd0de5eb1561f8c9 (at mark) mail.gmail.com>
X-Mail-Count: 08424

> If you suspect you have been hacked, do not trust anything on the
> system to give you accurate readings.  You should get netstat from a
> rpm, or other trusted system and use that binary.  There are some
> rootkits that will install updated versions of lsof, netstat, ps, ls,
> and other useful tools that will hide the root kit's existence.
> 
> -Adam

In addition to what Adam has said:

Lower permissions on several apps, like wget, gcc etc, in order only allow
for root to run them.
There was a thread about this during last year.

Best,

--
Arthur Sherman

+972-52-4878851
CPTeam