Rootkit ?

censurato linguaggio.

--- Enclosed, please find the posted message.
Date: Fri, 26 Sep 2003 15:05:42 +0200
From: andrea<at>linux.it
Subject: Rootkit ? 

Un amico mi ha inviato questa mail, relativa
ad un problema del suo server. 

putroppo non ho accesso al server.

Qualcuno sa se si puo'  trattare di un rootkit ? 

saluti
a.f.

----- Forwarded message  -----
X-Original-To: andrea<at>localhost
From: XXXXX
Subject: sdisco saturo

ciao

ho avuto un problema :
il disco si era sputtanato (/usr) e saturato: pare la colpa fosse di un 
file di 2 giga.. un log palesemente:

/usr/include/linux/modules/lib.so# ls -l
total 2334196
-rw-rw-rw-   1 root     nogroup  2387877888 Sep 26 11:35 real

che c***o e'?? real aveva dentro cose del tipo:

symbol init_task_union found: 0xc0378000
- process 0 () hidden by the kernel
- process 0 () hidden by the kernel
- process 0 () hidden by the kernel
- process 0 () hidden by the kernel
- process 0 () hidden by the kernel
- process 0 () hidden by the kernel
- process 0 () hidden by the kernel
- process 0 () hidden by the kernel
- process 0 () hidden by the kernel
root<at>pippo:/usr/include/linux/module

QUalsiasi aiuto/idea sarebbe benissimo accetto :)



----- End forwarded message -----

-- 
Andrea Fanfani
" Boys: Tell me more, tell me more, did you get very far ?
  Girls: Tell me more, tell me more, like, does he have a car ?"
					(Summer Night - Grease)
----- End forwarded message -----

________________________________________________________
http://www.sikurezza.org - Italian Security Mailing List