> most rootkits install trojaned versions of _at least_ ps and netstat
> you are likley opening up more holes to your attacker than you did before
by
> running those files.
You could portscan the server from a remote location to ensure that no stray
ports are open. While restoring all binaries would be the best solution, its
not always practical, and restoring just key binaries (su, bash, login, sh,
netstat, ps, etc.) could do the trick.
Kevin
_______________________________________________
cobalt-security mailing list
cobalt-security@xxxxxxxxxxxxxxx
http://list.cobalt.com/mailman/listinfo/cobalt-security