Jonathan, Not quite. I have found what looks to be a root-kit but what I am hoping to do is find the root-kit itself (filename, size, options & functions, etc.). Is this a root-kit that has been seen before and documented or is this a new variant? This is one of the important questions I'd like to answer. As an answer to your indirect question- I am not worried about other boxes that were compromised, this was a isolated subnet. Phil On Tue, 06 May 2003 06:14:37 -0700 "Jonathan A. Zdziarski" <jonathanat_private> wrote: >Sounds like you answered your own question; to find out if any of >your other >machines have this root-kit, create a file with the word drop in >it and see >if it disappears. > > > > Concerned about your privacy? Follow this link to get FREE encrypted email: https://www.hushmail.com/?l=2 Free, ultra-private instant messaging with Hush Messenger https://www.hushmail.com/services.php?subloc=messenger&l=434 Big $$$ to be made with the HushMail Affiliate Program: https://www.hushmail.com/about.php?subloc=affiliate&l=427 ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Thu May 08 2003 - 14:41:27 PDT