On Tue, 11 May 2004 15:27:02 +0200, Adrian Gschwend wrote:

Hi again!

> I have a Solaris 8 box that seems to be rooted or otherwise cracked, and
> it looks like it is abused as SPAM-relay. I do see from which port it is
> sending the SPAM but I cannot associate a process to it.
>
> How can I get that information on Solaris?

Thanks to all who responded fast as usual! Here is the summary:

The tool I was looking for is "lsof" and it is available at sunfreeware.
Thanks to Rick, Tony, Marcos (aka gandalf ;) and John!

Rick also proposed to get chkrootkit too (which is a good idea on this box
I fear...)

From Tery:

It is not unusual for crackers to mask their activities by replacing key
utilities with modified copies of the same utilities. These modified
utilities show everything but the activity of the cracker. You have to get
a known good copy of the utilities you are using. These can be used off the
installation CDs if you mount them on the computer. The known good
utilities will show the relationships you seek. Trust NOTHING off the
cracked box.

--
cu Adrian
--
Adrian Gschwend
System Administrator
University of applied sciences
Biel, Switzerland
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

Received on Tue May 11 12:24:05 2004
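
The port-to-process lookup described in the summary, as an added example that is not part of the original post: it parses lsof's field output (`-F`) and reports which process owns a given local port, ignoring sockets that merely connect to that port number on a remote host. The `LSOF` path is a placeholder for a known good copy on read-only media, and the sample data is constructed.

```shell
#!/bin/sh
# Added example. LSOF is a placeholder path: point it at a copy of lsof taken
# from trusted read-only media, not at a binary already on the suspect host.
LSOF=${LSOF:-/mnt/trusted/bin/lsof}
AWK=${AWK:-awk}          # on Solaris 8 use nawk or /usr/xpg4/bin/awk

# Read `lsof -nP -i -F pcLn` output on stdin and print "PID COMMAND USER NAME"
# for every socket whose LOCAL port equals $1.
owners_of_port() {
    "$AWK" -v port="$1" '
        /^p/ { pid = substr($0, 2); cmd = "?"; user = "?"; next }  # new process
        /^c/ { cmd  = substr($0, 2); next }
        /^L/ { user = substr($0, 2); next }
        /^n/ {
            name = substr($0, 2)
            loc = name; sub(/->.*/, "", loc)   # drop the remote end
            n = split(loc, part, ":")          # port follows the last colon
            if (n > 1 && part[n] == port)
                print pid, cmd, user, name
        }
    '
}

# Constructed sample of lsof field output (not captured from a real host).
sample_lsof_output() {
    cat <<'EOF'
p212
csendmail
Lroot
f4
n*:25
p4471
cperl
Lnobody
f3
n192.0.2.10:34512->198.51.100.7:25
p4502
csshd
Lroot
f3
n[::1]:22
EOF
}

# Live use with the trusted binary: live_owners 34512
live_owners() { "$LSOF" -nP -i -F pcLn | owners_of_port "$1"; }
sample_lsof_output | owners_of_port 34512
```
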