Mon Feb 7 10:29:41 EST 2005
a strong possibility that that box was indeed r00ted. Keep VERY close
inspection to its traffic and what it is doing from another box (if at all
possible) as there could very well be more damaging things which were not
found from your initial inspection. The ideal which many in the security
field hold is that once a box has been turned over to the enemy it can never be
considered an ally on your network and to consider it a threat at all times.
A suggestion, and only that, a suggestion, would be to think about
formatting and rebuilding the box from scratch.
> FIXED! (for now..)
> Upon further inspection as per your note about the date: 1983 being strange,
> I located several others with the same error. All in all I
> ifconfig, netstat, ps, top
> were all displaying bad date, bad size too perhaps.
> I have uninstalled and reinstalled these packages and am able
> to work now.
> I wonder how this happened in the first place, I was running wu-ftp and
> if it is really that bad, I will have to find an alternative.
> Does anyone know if there's a specific log of user activity that I might
> be able to find on my system to, perhaps, track the host ip that was
> addressing my box, and when?
> Thanks for the help, it was extremely useful!!
> Mike ;D