Gene Heskett sends Greetings to Alastair Taylor;
>> Your box could be rootkitted, what version of bind are you using?
AT> 8.2.1-7
And I'd bet you could do a 'locate ADMROCKS' and find it or one of its
rootkit siblings. That's IF locate hasn't been hacked to hide it.
I'd take it offline immediately, back up what you need, but not the
system, format the drive and reinstall no earlier than 6.2. Then check
the redhat site's errata for 6.2 and update your install with
*everything* in that directory on redhat.
The minimum safe version of bind is 8.2.2p7, versions earlier have
probably the most famous exploit going built right in.
You cannot trust your login, ls, ps, and other such maintenance utils
as they have probably been replaced with ones programmed to ignore the
hacker's presence. Been there, done that, and while we did clean up the
mess, the backup, format, and re-install would have been about 3 days
quicker.
Cheers, Gene
--
email gene underscore heskett at iolinc dot net
#Amiga based X10 home automation program EZHome, see at:#
# <http://www.thirdwave.net/~jimlucia/amigahomeauto> #
ISP's please take note: My spam control policy is explicit!
#Any Class C address# involved in spamming me is added to my killfile
never to be seen again. Message will be automatically deleted without dl.
This message's reply content, but not any previously quoted material,
is © 2000 by Gene Heskett, all rights reserved.
--
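
The version comparison behind the advice above (8.2.1-7 against the stated minimum 8.2.2p7), as an added example that is not part of the original post. It assumes a trailing "-7" is the RPM release number rather than a BIND patch level, that "p7" and "-P7" mean the same patch level, and that version strings come from an inventory gathered off the suspect machine; the host names are constructed.

```python
import re

# Minimum version named in the post above.
MIN_SAFE = "8.2.2p7"

_VERSION_RE = re.compile(
    r"""^\s*(\d+)\.(\d+)(?:\.(\d+))?   # major.minor[.micro]
        (?:-?[pP](\d+))?               # optional patch level: p7 or -P7
        (?:-\d[\w.]*)?\s*$             # optional RPM release, ignored (assumption)
    """,
    re.VERBOSE,
)


def parse_bind_version(text):
    """Turn '8.2.1-7', '8.2.2p7' or '8.2.2-P5' into a comparable tuple."""
    m = _VERSION_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised BIND version string: {text!r}")
    major, minor, micro, patch = m.groups()
    return (int(major), int(minor), int(micro or 0), int(patch or 0))


def is_below_minimum(version, minimum=MIN_SAFE):
    """True when `version` sorts before the minimum (plain numeric ordering)."""
    return parse_bind_version(version) < parse_bind_version(minimum)


def flag_hosts(inventory):
    """Return the sorted host names whose reported version is below the minimum."""
    return sorted(h for h, v in inventory.items() if is_below_minimum(v))


# Constructed sample inventory: host name -> reported BIND package version.
SAMPLE_INVENTORY = {
    "ns1.example.test": "8.2.1-7",    # the version quoted in the thread
    "ns2.example.test": "8.2.2-P5",   # patched, but below p7
    "ns3.example.test": "8.2.2p7-1",  # minimum version, RPM release 1
    "ns4.example.test": "8.2.3",
}

if __name__ == "__main__":
    for host in flag_hosts(SAMPLE_INVENTORY):
        print(f"{host}: {SAMPLE_INVENTORY[host]} is older than {MIN_SAFE}")
```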