#string

... système était rebooté, le sniffer redémarrait le processus d'initialisation. Les lignes suivantes confirment que rpc.nfsd est le sniffer: mozart #strings /usr/sbin/rpc.nfsd | tail -15 cant get SOCK_PACKET socket cant get flags cant set promiscuous mode ----- [CAPLEN Exceeded] ----- [Timed Out] ----- [RST] ----- [FIN] %s => %s [%d] sniff.pid eth0 tcp.log cant open log rm %s Après avoir passé en revue le système et compris ce qui s'était passé, je quittai le système. J'étais curieux de savoir ce que ferait le hacker après. Je n'ai pas voulu qu'il sût que je l'avais attrapé, ainsi j'ai enlevé toutes mes entré ...

... a channel. /join {#channel} Makes you join the specified channel. /kick {#channel} {nickname} Kicks nickname off a given channel. /list [#string] [-min #] [-max #] Lists all currently available channels, evt. filtering for parameters. /log [on|off] Shows the logging status or sets it on or off for the current window. /me {action text} Sends the specifed action to the active channel or query window. /mode {#channel|nickname} [[+|-]modechars [parameters]] Sets channel or user modes. /msg {nickname} {message} Send a private message to this user without opening a query window. /names {#channel} Shows the nicks of all peo ...

... ou have to modify the inetd.conf an operator unlikely will realize what is appening since all other daemons run as root. Why have I crypted all data? #strings login (...) Yeah d00dz! That's a //\/\eg/+\Backd0[+]r by MASTER(...) of MEGA(...) Lame or not? All alien data must be crypted.. a fast exor crypting routine will work fine, of course you can use the standard crypt function or other (slow) algorithms but since security is not important (we just want to make our texts invisible) I suggest using my fast algo,to create the exor matrix simply put all texts on a file and use the little ExorCrypt utility I have leaved UUencoded below ...

... t. This ensured that if the system was rebooted, the sniffer would be restarted by the init process. Strings confirms rpc.nfsd is the sniffer: mozart #strings /usr/sbin/rpc.nfsd | tail -15 cant get SOCK_PACKET socket cant get flags cant set promiscuous mode ----- [CAPLEN Exceeded] ----- [Timed Out] ----- [RST] ----- [FIN] %s => %s [%d] sniff.pid eth0 tcp.log cant open log rm %s After reviewing the system and understanding what happened, I left the system alone. I was curious to see what the intruder's next steps would be. I did not want him to know that I had caught him, so I removed all of my entries from /usr/sbin/tcp.log. ...