[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] rootkit?

On Thu, Jan 01, 2004 at 11:34:49PM +0100, Patrick Ahlbrecht wrote:
> Well, that's the thing, that was puzzeling me. I've already had some 
> experiences with rootkits, so finding something with ps I could not sort in 
> was quite surprissing. Nevertheless, my homebox (SuSE 9.0) would not show 
> such a process, even though I got a local LAN here.

That depends on the network card. Some card drivers will spawn a kernel
thread to handle incoming packets, some don't.

The [foobar] notation usually indicates a kernel thread (more specifically,
a process where the memory in which the command line resides is currently
not available in RAM).

Olaf Kirch     |  Stop wasting entropy - start using predictable
okir@xxxxxxx   |  tempfile names today!

Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here