Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: Hacked or not appendice
From: Thordur Ivar (thibmi.is)
Date: Sat Jun 12 2004 - 08:03:07 CDT
I have on a CD a number of binarys ( sources actually ) ( e.g. ls, find, grep, awk, sed, locate e.t.c. ) and when I belive that a machine has been cracked I remove the network cable from that machine and mount the cdrom build the sources and start looking. If I need something in that process I put it on my USB memstick from a 'trusted machine' and move it by hand over.
Roughly speaking this is my process.
>On Sat, 12 Jun 2004 13:44:45 +0200
>"Peter Rosa" <prosapro.sk> wrote:
> Hi all again,
> I must add, there are no log entries after June 9, 2004. "LKM" message first
> apeared June 8, 2004, after this day, there is nothing in /var/messages,
> /var/security .....
> How could I look for suspicious LKM module ? How could I find it, if the
> machine is hacked and I can not believe "ls", "find" etc. commands ?
> Peter Rosa
> freebsd-securityfreebsd.org mailing list
> To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"
freebsd-securityfreebsd.org mailing list
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"