It's not necessarily the work of a hacker, because if he hacked you he
wouldn't want to cut your access from the internet, otherwise the hack would
However, there is a well known and well documented nfs exploit on RH6.0 and
RH6.2. Back in September my file server was broken ito using exactly that
exploit. Do a google search on statdx and Linux and you'll see.
Also, locally, do a
find / -name statd* -print
The name might be different, so you might not find anything. As for ifconfig,
which ifconfig or
It should be in /sbin. If it isn't, re-install net-tools from the cd. You may
also want to re-install procps (which contains ps).
If you were indeed broken into, he might have replaced the vital programs
with trojaned versions.
Incidentally, if you only have a single PC, connected to the internet, you
shouldn't need nfsd.
If it's running,
And finally, if you were indeed broken into, save your data, reformat
everything and re-install.
> I have my redhat 6 box connected to the internet via a cable modem. A
> strange thing has happened. Both the programs ifconfig and top have
> disappeared. Is there any way that I can trace where they have disappeared
> to? Has this been the work of a hacker? How can I find out?
> I think a related issue is that my bootup gets to "Starting NFS lockd" and
> then just hangs for a while. Then it times out and goes into the normal
> bootup. When it actually boots up, I have no network access to the lan or
> the internet.
> Thanks in advance.