[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [suse-security] rootkit?
On Thu, Jan 01, 2004 at 11:34:49PM +0100, Patrick Ahlbrecht wrote:
> Well, that's the thing, that was puzzeling me. I've already had some
> experiences with rootkits, so finding something with ps I could not sort in
> was quite surprissing. Nevertheless, my homebox (SuSE 9.0) would not show
> such a process, even though I got a local LAN here.
That depends on the network card. Some card drivers will spawn a kernel
thread to handle incoming packets, some don't.
The [foobar] notation usually indicates a kernel thread (more specifically,
a process where the memory in which the command line resides is currently
not available in RAM).
Olaf Kirch | Stop wasting entropy - start using predictable
okir@xxxxxxx | tempfile names today!
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here