Date: Sat, 12 Jun 2004 13:01:38 +0100 (BST)
From: jon.mercer@achean.com
To: freebsd-security@freebsd.org
Subject: Re: Hacked or not ?
Message-ID: <55017.217.155.191.90.1087041698.squirrel@webmail.achean.com>

I have seen this as well, it is most likely a false positive. Additionally, slower or more heavily loaded machines seem more likely to generate false positives for LKM.

As a side note, there really ought to be a way for admins to double check the output from chkrootkit. Google helps little.

Any offers..?

Jon

> Hi all,
>
> please advise me - I was on holidays for one week. After return I found in security mails from router (chkrootkit) following message:
>
> Checking `lkm'... You have 1 process hidden for readdir command You have 1 process hidden for ps command
> Warning: Possible LKM Trojan installed
>
> It appeared only once. From previous and next days reports, the message is not present.
>
> How could I be sure, the machine is not hacked ?
>
> Many thanks for any response.
>
> Peter Rosa
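
On double-checking a one-off report like the one quoted above: the following is an added example, not part of the original message and not chkrootkit's own code. It assumes, as the quoted output suggests, that the check compares a process listing against an independent PID probe, and it only reports PIDs that stay hidden across several rounds, so processes that start or exit between the two snapshots on a busy machine are not flagged. All function names and the sample data are constructed for illustration.

```python
import os
import subprocess
import time

def ps_pids():
    """PIDs that ps reports (the view a trojaned ps or kernel module could filter)."""
    out = subprocess.run(["ps", "-ax", "-o", "pid="],
                         capture_output=True, text=True, check=True)
    return {int(tok) for tok in out.stdout.split()}

def probe_pids(max_pid=99999):  # FreeBSD's PID_MAX is 99999
    """PIDs that answer kill(pid, 0), found without reading any process listing."""
    alive = set()
    for pid in range(1, max_pid + 1):
        try:
            os.kill(pid, 0)          # signal 0: existence check only
        except ProcessLookupError:
            continue
        except PermissionError:
            pass                     # exists, but owned by another user
        alive.add(pid)
    return alive

def hidden_in_round(before, listed, after):
    """Alive before AND after the listing was taken, yet absent from it."""
    return (before & after) - listed

def persistent_hidden(rounds):
    """PIDs hidden in every round; one-off mismatches are treated as races."""
    result = None
    for before, listed, after in rounds:
        found = hidden_in_round(before, listed, after)
        result = found if result is None else result & found
    return result or set()

def live_check(n=5, delay=2.0):
    """Run n probe/ps/probe rounds on this host and return persistent mismatches."""
    rounds = []
    for _ in range(n):
        rounds.append((probe_pids(), ps_pids(), probe_pids()))
        time.sleep(delay)
    return persistent_hidden(rounds)

# Constructed sample: PID 250 exits before ps runs, PID 300 starts after it,
# PID 666 is alive throughout but never listed.
SAMPLE_ROUNDS = [({1, 100, 250, 666}, {1, 100}, {1, 100, 666}),
                 ({1, 100, 666}, {1, 100}, {1, 100, 300, 666})]

if __name__ == "__main__":
    print("persistently hidden PIDs:", sorted(live_check()))
```

An empty result over several rounds is consistent with the single report having been a race; it is not proof the host is clean, since the probe itself runs on the kernel under suspicion.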