[oclug] rooted system

Thomas Rollins thomas at optix.net
Tue Apr 24 00:32:55 EDT 2001


Have you got a firewall that logs denied packets etc? Looking at the 
open network ports and traffic might give you an idea of what is going on.
Is the machine secured and services like DNS turned off? There was a 
worm a month or so back that affected Linux boxes with certain versions
of BIND DNS. Having a secure box with a firewall and updated packages can 
usually avoid most problems. Running things like FTP with clear text 
passwords might not be a good idea; you mentioned that it was anonymous
only though? If there is sensitive information on the box, I would unplug
the NIC ASAP or at least block all the ports you can till you can re-install. 

-- 
Thomas Rollins || thomas at optix.net || http://www.optix.net 


