[SunHELP] Re: Unable to display "2001"
Jan Johansson
sunhelp at sunhelp.org
Thu May 24 14:36:32 CDT 2001
On Thu, May 24, 2001 at 07:23:35AM -0500, Thomas Cameron wrote:
>OK, never mind, I wrote the last message ("why does inability to see
>files w/2001 make you think system is hacked") before my first cup of
>coffee... I was trying to associate that symptom with the buffer
>overflow. Wasn't even thinking of the rootkit installed AFTER the
>overflow.
>
>Doh!
Yes, that rootkit hides in something like /dev/pts/01 and to hide
it has a ls which does not deiplay 01. I think the false binary
can bee seen using "strings ls".
More information about the SunHELP
mailing list