[SATLUG] Possible attack
hc at lookcee.com
Sat Jan 26 08:15:02 CST 2013
Hey, thanks Sean. I was actually trying to compile chkrootkit & was in the parent directory rather than the sub, & the Makefile was already created in the installation pkg, so running the ./configure + make sense commands returned what I figure was a dumb error message handed to a dummy. I googled & the developers were giggling over it in a forum, sooo after I saw the Makefile was there I ran just the make command. Here is the tail of the report.
Searching for LOC rootkit... nothing found
Searching for Romanian rootkit... nothing found
Searching for Suckit rootkit... nothing found
Searching for Volc rootkit... nothing found
Searching for Gold2 rootkit... nothing found
Searching for TC2 Worm default files and dirs... nothing found
Searching for Anonoying rootkit default files and dirs... nothing found
Searching for ZK rootkit default files and dirs... nothing found
Searching for ShKit rootkit default files and dirs... nothing found
Searching for AjaKit rootkit default files and dirs... nothing found
Searching for zaRwT rootkit default files and dirs... nothing found
Searching for Madalin rootkit default files... nothing found
Searching for Fu rootkit default files... nothing found
Searching for ESRK rootkit default files... nothing found
Searching for rootedoor... nothing found
Searching for ENYELKM rootkit default files... nothing found
This test is clean. I am slow learning but it is soaking in. At this point I am convinced the arcing KB wire was what triggered the phenomena I witnessed. I find my reaction was pretty fast; I hit the power sw first, so stopped whatever was happening. It sure popped me awake & I consider myself lucky not to have had an intrusion before now, so I got the wake-up call.
Thanks to all for the suggestions; I will work down the list. First I will check my ports to see what is open & do some reading on that aspect. I would appreciate any further guidance on what I should get installed & familiar with to ensure, say daily, that I am still clean. Would I benefit in learning by proceeding in a particular order?
P.S. Got the DVD USB drive late Fri, sweet unit, $23; burned a new .iso for Mint-13-mate-32 & it installed & ran without a hitch, very fast. When I learn a bit more I will run the scans on that BU-HD. I did open it with the live-dvd and it appears intact.
It's still all magic!
On Friday, January 25, 2013 14:09, "Crandall, Sean" <scrandall at jw.com> said:
> >> so I decided rkhunter seemed a choice to begin with, I DLed, extracted the
> >> tar all went well but make returned a statement: [[ "make: *** No rule to
> >> make target `sense' ]]. I had to go ask google (no joy), I am reviewing
> >> what I read & trying to figure out why make did not work, also I want to
> >> get these tools working on my system.
> Sorry if I'm stating the obvious, but since you say you've never compiled anything
> before, did you do a
> before you did make? Most source tarballs won't have a Makefile until you've run
> the configure script.
> Sean C. Crandall
> Registered Patent Attorney Jackson Walker L.L.P.
> 112 East Pecan Suite 2400
> San Antonio, TX 78205
> O: (210) 978-7714
> F: (210) 242-4656
> M: (210) 343-0340
> scrandall at jw.com