[K12OSN] Re: Random system crashes: Linux gurus, what would you do?
Les Mikesell
les at futuresource.com
Fri Dec 23 00:31:00 UTC 2005
On Thu, 2005-12-22 at 18:22, Carl Keil wrote:
> I tried the rootkit hunter and it turned up absolutely no trace
> of a rootkit. I know this isn't definitive, but I think I'm
> going to cross my fingers and hope for the best. I've changed
> the root password, and now I turn webmin on via ssh when I need
> it and shut it down when I'm through. Thanks for suggesting
> this program. I'm beginning to suspect that the hacking and
> the crashing are just an odd coincidence.
One other thing you might want to try for additional peace
of mind is ntop (http://www.ntop.org). Among other things,
it will track connections to other sites and the ports
used. It is common for rootkits to establish connections
back to some controlling site and supply a doctored netstat
that won't show it. Even if it doesn't show any hacking it
provides some interesting summaries of network use.
--
Les Mikesell
les at futuresource.com
More information about the K12OSN
mailing list