From owner-freebsd-security  Tue May 29 11:47: 1 2001
Delivered-To: freebsd-security@freebsd.org
Received: from magnetar.blackhatnetworks.com (magnetar.blackhatnetworks.com [65.166.202.3])
	by hub.freebsd.org (Postfix) with ESMTP id 097ED37B424
	for <freebsd-security@FreeBSD.org>; Tue, 29 May 2001 11:46:57 -0700 (PDT)
	(envelope-from alex@nixfreak.org)
Received: from localhost (alex@localhost.blackhatnetworks.com [127.0.0.1])
	by magnetar.blackhatnetworks.com (8.x/8.x) with ESMTP id f4TIklt60813
	for <freebsd-security@FreeBSD.org>; Tue, 29 May 2001 14:46:47 -0400 (EDT)
Date: Tue, 29 May 2001 14:46:47 -0400 (EDT)
From: Alex <alex@nixfreak.org>
X-X-Sender:  <alex@magnetar.blackhatnetworks.com>
To: <freebsd-security@FreeBSD.org>
Subject: Re: freebsd rootkit
Message-ID: <Pine.BSF.4.32.0105291446270.20750-100000@magnetar.blackhatnetworks.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Hello Lim,

	Please referance the following URL for a very preliminary checking
utility:

	http://www.chkrootkit.org/

		Also, consider creating a CD with a clean kernel, shell,
and various system checking utilities such as systat, netstat, fstat,
lsof, etc.  Booting from the CD, and testing the integrity of the system.


	Also, please consider installing a HIDS or NIDS after recovery:

	http://www.cerias.purdue.edu/coast/intrusion-detection/welcome.html



Best wishes,
Alex



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message