[clug] DDos attacks using Linux hosts. (the-sky-is-falling now a "thing", according to the Aztec calendar)

Bryan Kilgallin bryan at netspeed.com.au
Thu Sep 8 14:29:36 UTC 2016

Thanks, Scott:

> Given the context, I'm unsure as to what you expected.

Some report as to whether or not a rootkit was present.

> Given that you
> have posed no question - I'm unsure as to the point of your post.

It was a statement.

> Was
> there a point?

Please interpret the report.

> A list of variations from rkhunter's default expectations is of
> immeasurable concern.

That was why I posted it.

> Is this a debian based system?

Yes: Ubuntu 12.04 LTS.

> if so did you create a debsum database
> on creation? Have you run one since?

I have no idea what you're on about!

> Did you create a read-only SHA256+ hashed db on your system before
> exposing it to the intertubes?

I installed tripwire by default. Then because I didn't understand it, I 
deleted that.

> On a removable device?


> If the answer to
> those questions is no, I'm uncertain of what you could expect without a
> baseline...

I'm not understanding, which is why I posted.

> I ask partially because others may jump to the conclusion that belatedly
> installing and then running rkhunter may prove of use as a substitute
> for prior planning and proper deployment.

You mentioned tools that I hadn't heard of. So I tried them!

> Perhaps I'm putting too much into the assumption you simply installed it
> onto a box that has been running unmonitored for some time, ran it once
> without reading the man file and are now concerned by results you don't
> understand.

I had a brief squiz at the info.

> But I'm guessing.

I am not a subject expert of whatever you were writing about.

> Given more time and sleep I hope I would phrase the previous
> differently, but as that's not the case I hope instead that it may
> provide some help with the question you failed to ask.

Do I need to delete some unknown suspect file?


More information about the linux mailing list