Re: [SLUG] joe-job or rootkit?

From: ronan (ronan@tampabay.rr.com)
Date: Sat Apr 12 2008 - 06:50:13 EDT


Eben King wrote:
> I just got 6-7 bounces from mail I didn't send. So I've probably been
> the victim of either a joe-job or a rootkit. I've got the bounce
> messages. How do I tell the difference?
>
Leave a copy of tcpdump running in a terminal, watching outgoing
packets, for several hours, while you are not using your machine. Any
outbound traffic is suspicious (except for NTP or deliberately scheduled
network activity).

--ronan
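
The idle-capture check described in the reply above, as an added example that is not part of the original post: one function runs tcpdump on outbound packets with NTP filtered out, another summarises the resulting text log by destination. The function names, the sample addresses and the choice to mark port 25 (SMTP, the port relevant to mail the machine did not knowingly send) are assumptions of this example.

```shell
#!/bin/sh
# Added example. All addresses below are constructed documentation values.

# Live capture (needs root). $1 = interface, $2 = this machine's IPv4 address,
# $3 = log file. -n stops tcpdump from doing DNS lookups, which would themselves
# show up as outbound traffic; the filter drops NTP as the post suggests.
capture_idle() {
    tcpdump -n -l -i "$1" "src host $2 and not udp port 123" | tee "$3"
}

# Summarise `tcpdump -n` text lines from stdin: packets sent by $1, per
# destination host and port, busiest first. Port 25 is marked as SMTP.
summarize_outbound() {
    awk -v me="$1" '
    function host(a,   p) { split(a, p, "."); return p[1] "." p[2] "." p[3] "." p[4] }
    function port(a,   p) { return (split(a, p, ".") >= 5) ? p[5] : "-" }
    $2 == "IP" && $4 == ">" {
        dst = $5; sub(/:$/, "", dst)
        if (host($3) != me) next        # not sent by this machine
        if (port(dst) == "123") next    # NTP is expected
        count[host(dst) " " port(dst)]++
    }
    END {
        for (k in count) {
            split(k, f, " ")
            print count[k], f[1], f[2], (f[2] == "25" ? "SMTP" : "-")
        }
    }' | LC_ALL=C sort -k1,1nr -k2,2
}

# Constructed sample of what an idle-period capture might contain.
sample_capture() {
    cat <<'EOF'
06:50:13.000001 IP 192.168.1.10.51234 > 203.0.113.5.25: Flags [S], seq 1, win 64240, length 0
06:50:13.100000 IP 203.0.113.5.25 > 192.168.1.10.51234: Flags [S.], seq 2, ack 2, win 65535, length 0
06:50:14.000000 IP 192.168.1.10.123 > 198.51.100.7.123: NTPv4, Client, length 48
06:50:15.000000 IP 192.168.1.10.51235 > 203.0.113.9.25: Flags [S], seq 3, win 64240, length 0
06:50:16.000000 IP 192.168.1.10.51234 > 203.0.113.5.25: Flags [.], ack 3, win 502, length 0
06:50:17.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.10, length 28
06:50:18.000000 IP 192.168.1.10.40000 > 198.51.100.20.443: Flags [S], seq 4, win 64240, length 0
EOF
}

sample_capture | summarize_outbound 192.168.1.10
```

On a real machine, run `capture_idle` as root with the interface and address in question, then feed the saved log to `summarize_outbound`.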
-----------------------------------------------------------------------
This list is provided as an unmoderated internet service by Networked
Knowledge Systems (NKS). Views and opinions expressed in messages
posted are those of the author and do not necessarily reflect the
official policy or position of NKS or any of its employees.



This archive was generated by hypermail 2.1.3 : Fri Aug 01 2014 - 15:38:51 EDT