[SunHELP] strange ls behaviour
Bret Adams
bret at fabrikant.com
Thu Jul 10 09:02:20 CDT 2003
Rootkits enable a hacker to gain a backdoor to your system without you
being aware of it. So the hacker puts bogus versions of certain system
commands so you cant see certain processes he is running or certain files
he has deposited. This way when you run ls, or ps you are not seeing any
strange activity.
Bret
At 03:52 PM 7/10/2003 +0200, you wrote:
>Hi!
>
>can someone explane to me what a rootkit are! what it is intended to do to
>the system.
>
>-----Original Message-----
>From: sunhelp-bounces at sunhelp.org [mailto:sunhelp-bounces at sunhelp.org]On
>Behalf Of Kurt Huhn
>Sent: 10. juli 2003 15:46
>To: The SunHELP List
>Subject: Re: [SunHELP] strange ls behaviour
>
>
>On Thu, 10 Jul 2003 12:52:44 +0200
>"Simon Jespersen" <shj at pine.dk> wrote:
>
> > Hi on my blade 100 sol8 box i have a very strange behaviour.
> >
><snip>
> >
> > Can some one tell me whats going on
> >
>
>It is common practive to replace several binaries when a box is compromised
>and rooted. ls, login, top, ps, who, and couple others are the most
>commonly replaced. I suggest you take a *good* look at your box, the
>system, and see if there's a root kit on it. You're likely going to need to
>rebuild this system.
>
>--
>Kurt "I am not aware that any community has a right to
>kurt at k-huhn.com force another to be civilized."
> --John Stuart Mill
>_______________________________________________
>SunHELP maillist - SunHELP at sunhelp.org
>http://www.sunhelp.org/mailman/listinfo/sunhelp
>_______________________________________________
>SunHELP maillist - SunHELP at sunhelp.org
>http://www.sunhelp.org/mailman/listinfo/sunhelp
More information about the SunHELP
mailing list