From: Kyle Bader <kyle.bader@×××××.com>
To: gentoo-user@l.g.o
Subject: Re: [gentoo-user] Re: Rooted/compromised Gentoo, seeking advice
Date: Tue, 10 Aug 2010 13:51:56
Message-Id: AANLkTi=xp4tCzG6FiSO4VTgcSTFE2TmN0P2FJf6GVT=e@mail.gmail.com
In Reply to: Re: [gentoo-user] Re: Rooted/compromised Gentoo, seeking advice by Mick
> Another idea to help with your forensics would be to bring a netstat and
> lsof binary over to your machine and run them to see which actors are
> running and trying to get out. That could help you detect what is running
> on that machine and google your way from there.

If your kernel has been subverted then userland is irrelevant; a kit can
simply hook the system calls those binaries use and return whatever it wants
you to know.

--

Kyle
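The point above is that netstat and lsof do not observe the network themselves; they ask the kernel (on Linux, by reading /proc/net/tcp and friends), so a kernel-resident kit can hand them an edited table. The only view such a kit cannot edit is the one taken from outside the box. The following script, added here as an illustration and not part of the thread, does that cross-view comparison: it parses a socket table in /proc/net/tcp format the same way netstat does and diffs it against the port list a scanner on another machine reported. Both inputs are constructed samples, including the hidden port 31337; on a real case you would feed it the live /proc/net/tcp and the real scan output.

```python
"""Cross-view check for a suspected kernel rootkit.

The host's own socket table (what netstat/lsof read) is compared with what
an external scanner saw on the wire.  Ports that the network accepts but the
host denies having open are exactly the ones a kernel kit would be hiding.
All sample data below is constructed for the example.
"""

# Constructed /proc/net/tcp as the (possibly subverted) kernel presents it.
# local_address is hex ip:port; st 0A is TCP_LISTEN.  0016 = 22, 0050 = 80.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1234 1 0000000000000000 100 0 0 10 0
   1: 00000000:0050 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 5678 1 0000000000000000 100 0 0 10 0
   2: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 9012 1 0000000000000000 100 0 0 10 0
"""

# Constructed result of a port scan run from a DIFFERENT, trusted machine.
# 31337 is the planted example of a listener the host's table omits.
SAMPLE_EXTERNAL_SCAN = {22, 80, 31337}

TCP_LISTEN = "0A"  # socket state code used in /proc/net/tcp


def listening_ports_from_proc(text):
    """Parse /proc/net/tcp text and return the set of listening ports.

    This mirrors what netstat -l does, so it inherits the same blind spot:
    it trusts whatever the kernel wrote into the table.
    """
    ports = set()
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        local_addr, state = fields[1], fields[3]
        if state != TCP_LISTEN:
            continue                            # established, etc.
        port_hex = local_addr.rsplit(":", 1)[1]
        ports.add(int(port_hex, 16))
    return ports


def cross_view_diff(local_ports, external_ports):
    """Ports the network sees open but the host's own table does not list."""
    return sorted(set(external_ports) - set(local_ports))


def read_live_proc_net_tcp(path="/proc/net/tcp"):
    """Convenience reader for a real run (not used with the sample data)."""
    with open(path) as f:
        return f.read()


if __name__ == "__main__":
    host_view = listening_ports_from_proc(SAMPLE_PROC_NET_TCP)
    hidden = cross_view_diff(host_view, SAMPLE_EXTERNAL_SCAN)
    print("host claims listening on:", sorted(host_view))
    print("open on the wire but missing from the host's table:", hidden)
```

The script only catches listeners that answer an unsolicited probe; a backdoor that stays silent until it sees a magic packet will be absent from both views, which is one more reason the usual advice is to image the disk and analyse it from a known-good system rather than trust anything the running kernel reports.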