Rick Blake wrote: > > sounds like you've been had. or your server. Might have been a bind > exploit, buffer overflow or something, though it's also likely that the > intrusion occurred in another module and the intruder is making the rest > of your machine his. <snip> > good luck. root hacks suck. this sounds like a root hack. > > Rick Look for some dot files (like .ADMROCKS) in your named data directory, usually /var/named. Do a remote portscan of your machine. Look for modified /etc/ld.so.cache and whatnot. Good luck, Josh - : send the line "unsubscribe linux-net" in the body of a message to majordomo@vger.rutgers.edu