Re: Weird Network Manager Problem (Updated)


 



  On 9/25/10 11:05 PM, Ed Greshko wrote:
>   On 09/26/2010 01:52 PM, JD wrote:
>> On 09/25/2010 10:42 PM, Ed Greshko wrote:
>>>    On 09/26/2010 12:54 PM, JD wrote:
>>>> Well, if my machine was rooted, and I have a firewall that
>>>> drops ALL incoming requests, then how was it rooted if not
>>>> through some package or through the kernel itself?
>>> I would suggest folks take a step back and do some research on "lkm
>>> false positive" before jumping to a conclusion that they have a problem.
>>>
>> Well, ...  before jumping to conclusion that who has a problem?
>> rkhunter or chkrootkit?  I assume you mean rkhunter??
>> If so, I tend to agree. I saw a lot of google hits reporting
>> false positives by chkrootkit.
>>
> Any of these "detection applications" can report false positives.  Which
> is why they report "your system *may* be infected" or "*Possible* XXX
> installed...".
>
> My message is simple.  If you run these apps and they say you may be
> infected...don't jump to a conclusion and nuke your system.
>
It is quite interesting that the files that were infected are those files.

And I agree that blowing away the system should be a 'last resort'
action, but the OP is of the opinion that the system was indeed
rooted due to a review of the auditing logs which show these files were
changed from the outside.

Firewalls are breachable, BTW.  It was fun to watch the TV ads with the 
African Female talking with the 17 year old's voice that had cracked her 
account and then he used her money to build 'a Robot that I'm taking to 
the Senior Prom'.  She was not amused.

Also, it is a good idea to use TWO or more tools to verify that you were 
'rooted'.  A check of the file change dates will also reveal if you were 
breached.

James McKenzie

-- 
users mailing list
users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe or change subscription options:
https://admin.fedoraproject.org/mailman/listinfo/users
Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
