19 Aug
2009
19 Aug
'09
1:03 p.m.
On Wed, Aug 19, 2009 at 1:57 AM, Bill Campbellcentos@celestial.com wrote:
You cannot trust tools like ``ps'', ``find'', ``netstat'', and ``lsof'' as these are frequently replaced by ones that are modified to hide the cracker's work.
As a corollary, the only safe way to audit a suspected system is booting your diagnostic tool from known good media (eg try a security Live CD distro)
--
Eduardo Grosclaude
Universidad Nacional del Comahue
Neuquen, Argentina