Re: Hacked or not appendice
From: Thordur Ivar (thib@mi.is)
Date: Sat Jun 12 2004 - 08:03:07 CDT
I have on a CD a number of binaries (sources, actually) (e.g. ls, find, grep, awk, sed, locate, etc.), and when I believe that a machine has been cracked I remove the network cable from that machine, mount the cdrom, build the sources and start looking. If I need something in that process I put it on my USB memstick from a 'trusted machine' and move it over by hand.
Roughly speaking this is my process.
> On Sat, 12 Jun 2004 13:44:45 +0200
> "Peter Rosa" <prosa@pro.sk> wrote:
> Hi all again,
>
> I must add, there are no log entries after June 9, 2004. "LKM" message first
> appeared June 8, 2004, after this day, there is nothing in /var/messages,
> /var/security .....
>
> How could I look for suspicious LKM module ? How could I find it, if the
> machine is hacked and I can not believe "ls", "find" etc. commands ?
>
> Peter Rosa
>
>
> _______________________________________________
> freebsd-security@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-security
> To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"
>
>
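
The trusted-media approach in the reply above can be used as a cross-view check: list the same directory with the trusted tool and with the suspect system's tool, and see what only the trusted one shows. This is an added example, not part of the original thread; the function names, the `rk_hide.ko` file and the fake suspect `ls` are constructed for illustration, and `/bin/ls` stands in for the copy built from the CD.

```shell
#!/bin/sh
# Cross-view check: list one directory with a trusted ls (e.g. the copy built
# from the CD sources) and with the suspect system's ls, then report names
# that only the trusted tool shows. Names containing newlines are not handled.

# crossview_hidden TRUSTED_LS SUSPECT_LS DIR
# Prints names visible only to TRUSTED_LS. Returns 0 if the views agree,
# 1 if something is hidden, 2 on setup error.
crossview_hidden() {
    cv_tmp=$(mktemp -d) || return 2
    "$1" -a "$3" | LC_ALL=C sort > "$cv_tmp/trusted"
    "$2" -a "$3" | LC_ALL=C sort > "$cv_tmp/suspect"
    # comm -23 keeps lines that appear only in the first (trusted) listing
    cv_hidden=$(LC_ALL=C comm -23 "$cv_tmp/trusted" "$cv_tmp/suspect")
    rm -rf "$cv_tmp"
    [ -z "$cv_hidden" ] && return 0
    printf '%s\n' "$cv_hidden"
    return 1
}

# Constructed demo: a scratch directory plus a fake "trojaned" ls that filters
# one name, standing in for a compromised system binary. /bin/ls stands in
# for the trusted copy from the CD (assumption for this example).
crossview_demo() {
    demo=$(mktemp -d) || return 2
    mkdir "$demo/modules"
    touch "$demo/modules/if_em.ko" "$demo/modules/rk_hide.ko"
    cat > "$demo/ls_suspect" <<'EOF'
#!/bin/sh
/bin/ls "$@" | grep -v '^rk_hide\.ko$'
EOF
    chmod +x "$demo/ls_suspect"
    crossview_hidden /bin/ls "$demo/ls_suspect" "$demo/modules"
    rc=$?
    rm -rf "$demo"
    return $rc
}
```

A trusted userland binary still asks the running kernel for the listing, so a kernel-level hook can hide entries from both views; agreement between the two listings is not proof of a clean machine.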