chkrootkit and vncserver

Mon May 24 16:11:27 UTC 2004

On Mon, 24 May 2004 09:53:45 -0500, "Benjamin J. Weiss" <benjamin at weiss.name>
wrote:

>
>I don't think that this is a trojan, just a design issue with gnome.

Thanks for checking.  I'll sleep better.  

At the same time this happened, the logwatch was reporting bad records in the
httpd log.  They look like someone was trying some sort of buffer overflow
attack.  My worry was that someone had pushed a rootkit through an so-far
unknown overflow in Apache.
--
   Steve