Re: chkrootkit

Thanks to all the people that sent their feedback.

It was able to detect a case of lion worm/t0rn
on one test computer infected via bind 8.2.2
with chkrootkit.

<update Re: Port Scan Question ...>
chkrootkit just happened to be running when I had
the problem that caused the computer to stop responding.

This happened while executing this part of chkrootkit =>

root     15763  0.0  0.5  1676  688 pts/0    D    09:19   0:00
/usr/bin/find /usr/lib /usr/man /lib -name .[A-Za-z]* -o -name ...* -o
-name .. *

This was the load average:
load average: 31.99, 31.44, 29.77

It looks like the main problem (it happened again later)
was caused by a bad kernel. When I compiled
the 2.4.18 kernel on the RH7.0 there were several warnings, but no
errors. But it looks like the warnings were bad enough to make a
defective kernel.

kernel: Unable to handle kernel paging request at virtual address 00002800
kernel: 00002800
kernel: *pde = 00000000
kernel: Oops: 0000
kernel: CPU:    0

My friend agreed to erase all traces of RH7.0 from that HD;
there are quite a few better options out there.
</update>


David Correa
Public Key http://www.linux-tech.com/linuxtech.asc
Key fingerprint 7F2C E072 479D 71B4 008B 373E A284 8CDE 7659 F5D8


