[plug] Scary Stuff

Steve Grasso steveg at calm.wa.gov.au
Fri Dec 7 10:58:46 WST 2001


But if, for argument's sake, his machine _has_ been owned (and I'm not saying 
that it is) ls would likely be trojaned and wouldn't report anything 
interesting. Hence my suggestion to boot from a Linux floppy, mount /etc, cd 
/etc/init.d and ls -lah \?  (or whatever your favourite incantation is) from 
there.

Steve

On Friday 07 December 2001 10:44, Brad Campbell wrote:
> Adrian Woodley wrote:
> > Thats not a bad idea. However, the question still remains - What is it
> > and why is it there? :)
>
> What's in it, what are it's permissions uid/gid ?
> What dist are you using?
>
> for me, in bash
> ls -lah \?
> tell me whats in it, an rm \? -r
> get's rid of it..



More information about the plug mailing list