Do you have a question? Post it now! No Registration Necessary. Now with pictures!
August 27, 2008, 11:42 am
rate this thread
Anyone see this yet? I'd like to get hold of a copy. There seems to be
a new version.
"The US-CERT is reporting that there is active attacks against Linux
environments using stolen SSH keys. There is a new rootkit out,
Phalanx2 which is dropped by attackers which, among the usual rootkit
tasks, steal any SSH key on a system. The attackers then, presumably,
use those stolen keys (the ones without passwords/passphrases at
least) to get into other machines." ...
Someone that got broken into. Oddly enough, on the machine now hosting
Protect? [** America, The Police State **] Serve?
Teen Tazered 19 times: http://www.ky3.com/news/local/26158674.html
Guns For TX Teachers: http://news.bbc.co.uk/1/hi/world/americas/7564654.stm
Castration Punishment: http://www.foxnews.com/story/0,2933,348171,00.html
A couple of months ago I encountered a machine infected by the
phaslanx2 rootkit, which chkrootkit failed to detect. As a result, I
wrote my own /proc file system checker that phalanx2 was unable hide
from. The script is available from
<http://www.jedsoft.org/slang/slsh.html . It should be able to sniff
out similar rootkits.
# ./chkproc2.sl -q
WARNING: pid 2375 exists, but chdir /proc/2375 fails
WARNING: /proc/2375 needs gid=56564 for access
- » Cloud Ace Technologies is offering Implementation Services on Cloud Computing, Cloud Serv...
- — Newest thread in » Linux Security