Hi!

On 11:49 Tue 20 Apr, Mulyadi Santosa wrote:
> On Tue, Apr 20, 2010 at 11:23, Kousik Maiti <maiti.kousik@xxxxxxxxx> wrote:
> > Hi list,
> > This may be an irrelevant question.
> > I have a system which was successfully attacked by some hackers. I want
> > to diagnose it. I tried to google it but don't get any doc. Is there any
> > documentation so that I can check the system?
...
> Then check your whole system using programs like rkhunter. Also, it
> is also worth checking for viruses using ClamAV or any other anti virus.
> If you're using rpm (I think other packaging systems could do it too,
> but I am not sure), you can check the validity of the files using rpm
> -Va. IIRC, it is using MD5 hash.

Also check other places which might be attractive to attackers, like system
startup scripts and databases. If they are interested in something that you
run on the system, they might have modified something there. Modifications do
not need to be obvious, and just because you do not find anything wrong, it
does not mean that it has not been tampered with. If you have off-machine
backups, you might want to use them or keep them a bit longer...

However, there is a chance people are only interested in bandwidth for DoS or
spamming.

	-Michi
-- 
programming a layer 3+4 network protocol for mesh networks
see http://michaelblizek.twilightparadox.com
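An added example, not part of the original messages: a small Python triage of `rpm -Va` output that ranks content changes to non-config files and mode or ownership changes above edits to config files. The sample output is constructed and the priority labels are assumptions of this example; rpm verifies against the package database stored on the same machine, so a clean result is not proof of integrity.

```python
import re

# One line of `rpm -Va` output: attribute flags (or "missing"), an optional
# file-type marker (c=config, d=doc, g=ghost, l=license, r=readme), the path.
LINE = re.compile(r"^(missing|[SM5DLUGTP.?]{8,9})\s+(?:([cdglr])\s+)?(/.*)$")
ORDER = {"investigate": 0, "review": 1, "low": 2}  # labels are this example's own

def triage(line):
    """Return (priority, path, reason) for one line, or None if unparseable."""
    m = LINE.match(line.rstrip("\n"))
    if not m:
        return None
    flags, ftype, path = m.groups()
    is_config = ftype == "c"
    if flags == "missing":
        return ("review" if is_config else "investigate", path, "file missing")
    if "5" in flags and not is_config:
        return ("investigate", path, "content differs from package digest")
    if set("MUG") & set(flags):
        return ("investigate", path, "mode or ownership changed")
    if "5" in flags:
        # Config files are expected to change, but startup scripts live here too.
        return ("review", path, "config content changed")
    if "?" in flags:
        return ("review", path, "a check could not be performed")
    return ("low", path, "metadata only (size/mtime/link/device)")

def report(output):
    """Triage full `rpm -Va` output, most urgent findings first."""
    found = [t for t in map(triage, output.splitlines()) if t]
    return sorted(found, key=lambda t: (ORDER[t[0]], t[1]))

# Constructed sample output, not taken from a real system.
SAMPLE = """\
S.5....T.  c /etc/ssh/sshd_config
..5....T.    /usr/bin/ssh
.M.......    /usr/bin/passwd
.......T.  d /usr/share/doc/bash/README
missing      /usr/sbin/lsof
S.5....T.  c /etc/rc.d/rc.local
"""

if __name__ == "__main__":
    for prio, path, reason in report(SAMPLE):
        print(f"{prio:12} {path}  ({reason})")
```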