I was rooted?!Forum: Networking Topic: I was rooted?! started by: Aether Posted by Aether on Jan. 08 2006,18:40
Before I talk about the breach, I should mention that on a clean install, chkrootkit shows netstat as INFECTED. I read a couple of poor english posts that mentioned a possiable false positive due to the addrs.h(I think) and needs to be stripped. Anyone confirm this, I don't know how.Also, I am curious about the /KNOPPIX/ect/dhpc/resolv.conf having a hardcoded value of 206.13.28.12... is this your nameserver? Anyways, the first time I ran chkrootkit I found about five positive infections, ls, du, date .... normal stuff. What has a a little concerned is, the only programs I have ever used on this distro are MyDSL, FireFox, Dillo, xMMS. I had installed iptables and was testing rc.firewall from projectfiles.com, but I started no network daemons. I have not been rooted since I first found them. {edit} opps, and I enabled apt, upgraded GNU utils and installed synaptic. |