[unisog] Cross-reference apps to TCP/UDP connections on UNIX??

Valdis.Kletnieks at vt.edu Valdis.Kletnieks at vt.edu
Tue Oct 8 15:41:52 GMT 2002


On Tue, 08 Oct 2002 09:13:11 EDT, Mark Brochu <mbrochu at mail.hartford.edu>  said:
> command will work on linux but not sure about other ports...  What's also
> neat is cross referencing the pid with /proc, helps detect if a rootkit is
> installed.

Of course, a *good* rootkit will give consistent results when you poke around
in /proc.  Remember - if your netstat looks in /proc, and your 'ls' looks
in /proc, the rootkit will lie to both of them....

-- 
				Valdis Kletnieks
				Computer Systems Senior Engineer
				Virginia Tech
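
The cross-reference mentioned in the quoted message, written out as an added example (not code from this thread): it matches socket inodes in `/proc/net/tcp` against `socket:[inode]` links under `/proc/<pid>/fd` and reports sockets that no process holds. The sample data is constructed, all function names are assumptions, and the address decoding assumes a little-endian host. Both inputs come from `/proc`, so, as the reply says, a rootkit that filters `/proc` consistently yields an empty result here.

```python
import os
import re
import socket
import struct

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1201 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000    27        0 1350 1 0000000000000000 100 0 0 10 0
   2: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 4242 1 0000000000000000 100 0 0 10 0
   3: 0100007F:0016 0100007F:C350 06 00000000:00000000 03:00000A28 00000000     0        0 0 3 0000000000000000
"""
# Constructed stand-in for readlink() on /proc/<pid>/fd/* (pid -> link targets).
SAMPLE_FDS = {412: ["socket:[1201]", "/dev/null"], 733: ["socket:[1350]", "pipe:[900]"]}

def parse_proc_net_tcp(text):
    """Yield (ip, port, state, inode) for each row of /proc/net/tcp text."""
    for line in text.splitlines()[1:]:          # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        addr_hex, port_hex = f[1].split(":")
        # Assumption: little-endian host (x86), where the address is printed byte-swapped.
        ip = socket.inet_ntoa(struct.pack("<I", int(addr_hex, 16)))
        yield ip, int(port_hex, 16), f[3], int(f[9])

def collect_fd_links(proc="/proc"):
    """Live equivalent of SAMPLE_FDS; needs root to see other users' processes."""
    links = {}
    for name in filter(str.isdigit, os.listdir(proc)):
        try:
            fd_dir = os.path.join(proc, name, "fd")
            links[int(name)] = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:
            continue  # process exited or permission denied: pid is skipped
    return links

def unowned_sockets(tcp_text, fd_links):
    """Return sockets whose inode no process holds; inode 0 (e.g. TIME_WAIT) is skipped."""
    owned = set()
    for targets in fd_links.values():
        for t in targets:
            m = re.fullmatch(r"socket:\[(\d+)\]", t)
            if m:
                owned.add(int(m.group(1)))
    return [(ip, port, inode) for ip, port, _st, inode in parse_proc_net_tcp(tcp_text)
            if inode != 0 and inode not in owned]

if __name__ == "__main__":
    for ip, port, inode in unowned_sockets(SAMPLE_TCP, SAMPLE_FDS):
        print(f"no owning pid: {ip}:{port} inode={inode}")
```

On a live host, pass `open("/proc/net/tcp").read()` and `collect_fd_links()` as root; run unprivileged, sockets owned by other users' processes show up as false positives.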
