From: Liam Bedford (lbedford at domain lbedford.org)
Date: Mon 20 Aug 2001 - 18:40:07 IST
On Mon, Aug 20, 2001 at 11:54:47AM +0100, Niall O Broin came forth with:
> On Mon, Aug 20, 2001 at 10:58:06AM +0100, Fred Cummins wrote:
> > found it by using 'locate puta', as t0rn and its attendant files
> > generally live in a directory called '.puta' which doesn't show up using
> > 'ls -a'. I had an up-to-date set of BIND utilities, so I don't know how
> Why would a directory called .puta not show up in a ls -a listing ? (Unless
> of course the cracker had installed a customised ls)
rootkits generally install customised versions of lots of things:
some of them even have LKM's to go with them, and compilers for machines
> > this bugger got in, and I notice the files were modified by a German.
> What lets you make this assumption ?
comments in the source code?
funny variable names?
-- dBP dBBBBb | If you're looking at me to be an accountant dBP | Then you will look but you will never see dBP dBBBK' | If you're looking at me to start having babies dBP dB' db | Then you can wish because I'm not here to fool around dBBBBP dBBBBP' | Belle & Sebastian (Family Tree)
This archive was generated by hypermail 2.1.6 : Thu 06 Feb 2003 - 13:11:44 GMT