[K12OSN] Re: Random system crashes: Linux gurus, what would you do?

Les Mikesell les at futuresource.com
Fri Dec 23 00:31:00 UTC 2005

On Thu, 2005-12-22 at 18:22, Carl Keil wrote:

> I tried the rootkit hunter and it turned up absolutely no trace
> of a rootkit.  I know this isn't definitive, but I think I'm 
> going to cross my fingers and hope for the best.  I've changed
> the root password, and now I turn webmin on via ssh when I need
> it and shut it down when I'm through.  Thanks for suggesting
> this program.  I'm beginning to suspect that the hacking and
> the crashing are just an odd coincidence.  

One other thing you might want to try for additional peace
of mind is ntop (http://www.ntop.org).  Among other things,
it will track connections to other sites and the ports
used.  It is common for rootkits to establish connections
back to some controlling site and supply a doctored netstat
that won't show it. Even if it doesn't show any hacking it
provides some interesting summaries of network use.

  Les Mikesell
    les at futuresource.com

More information about the K12OSN mailing list