Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Patrick Andry (pandrywolverinefreight.ca)
Date: Wed Jun 12 2002 - 07:33:53 CDT
You should probably re-install, but if it's at all possible, keep the
box around and try to figure out a number of things:
How the attacker got in.
What Rootkit was installed.
What did the rootkit do (transfer files, create a backdoor, etc..)
Who the attacker was.
Just putting the box back up from source media won't do any good if the
source media has a security hole in it.
Does anyone know of any processes which are hidden by design from ps,
but are not trojans/malware?
> What is the best strategy for dealing with an LKM kit? Reinstall
> linux from CD or try to remove it?