From owner-freebsd-hackers Mon May 22 2:34: 1 2000 Delivered-To: freebsd-hackers@freebsd.org Received: from david.siemens.de (david.siemens.de [192.35.17.14]) by hub.freebsd.org (Postfix) with ESMTP id 3DE7337BB28 for ; Mon, 22 May 2000 02:33:53 -0700 (PDT) (envelope-from ust@cert.siemens.de) X-Envelope-Sender-Is: ust@cert.siemens.de (at relayer david.siemens.de) Received: from mail2.siemens.de (mail2.siemens.de [139.25.208.11]) by david.siemens.de (8.10.1/8.10.1) with ESMTP id e4M9Xob13782; Mon, 22 May 2000 11:33:51 +0200 (MET DST) Received: from mars.cert.siemens.de (ust.mchp.siemens.de [139.23.201.17]) by mail2.siemens.de (8.10.1/8.10.1) with ESMTP id e4M9XnB24564; Mon, 22 May 2000 11:33:50 +0200 (MET DST) Received: from alaska.cert.siemens.de (reims.mchp.siemens.de [139.23.202.134]) by mars.cert.siemens.de (8.10.1/8.10.1/Siemens CERT [ $Revision: 1.8 ]) with ESMTP id e4M9XnZ10972; Mon, 22 May 2000 11:33:49 +0200 (CEST) Received: (from ust@localhost) by alaska.cert.siemens.de (8.10.1/8.10.1/alaska [ $Revision: 1.5 ]) id e4M9Xno84553; Mon, 22 May 2000 09:33:49 GMT Date: Mon, 22 May 2000 11:33:49 +0200 From: Udo Schweigert To: Alfred Perlstein Cc: Shadi Fazelian , hackers@FreeBSD.ORG Subject: Re: please hellllllllllllp me! Message-ID: <20000522113349.A74728@alaska.cert.siemens.de> References: <20000522085452.23895.qmail@web4207.mail.yahoo.com> <20000522025901.T28097@fw.wintelcom.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2i In-Reply-To: <20000522025901.T28097@fw.wintelcom.net>; from bright@wintelcom.net on Mon, May 22, 2000 at 02:59:01AM -0700 X-Operating-System: FreeBSD 4.0-STABLE Sender: owner-freebsd-hackers@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Mon, May 22, 2000 at 02:59:01 -0700, Alfred Perlstein wrote: > * Shadi Fazelian [000522 02:31] wrote: > > Hello. > > please guide me: > > 1- how I can see a hidden file (not dot file) and how > > I can hidden a file ? > > my mean: I want make a file that ls -al can't see it. > > impossible(*) afaik. > > > > > 2- how I can write somthing in a file that nobody can > > see them > > my mean: in crontab adding some command that this is > > hidden. > > impossible(*) afaik. > > > > > 3- how I can run somthing in background that ps can't > > see it. > > impossible(*) afaik. > > > > > please guide me. hackeres attack my servers and I > > don't know how he/she can. > > (*) see: http://www.rootkit.com/ > and: http://www.rootkit.com/whitepapers.shtml > 1- and 3- are possible, if the attacker can change the installed versions of ls and ps to his own, compromised versions. Regards -- Udo Schweigert, Siemens AG | Voice : +49 89 636 42170 ZT IK 3, Siemens CERT | Fax : +49 89 636 41166 D-81730 Muenchen / Germany | email : ust@cert.siemens.de PGP-2/5 fingerprint | D8 A5 DF 34 EC 87 E8 C6 E2 26 C4 D0 EE 80 36 B2 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message