Return-Path: Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S932425AbWBXTJF (ORCPT ); Fri, 24 Feb 2006 14:09:05 -0500 Received: (majordomo@vger.kernel.org) by vger.kernel.org id S932429AbWBXTJF (ORCPT ); Fri, 24 Feb 2006 14:09:05 -0500 Received: from kanga.kvack.org ([66.96.29.28]:5541 "EHLO kanga.kvack.org") by vger.kernel.org with ESMTP id S932425AbWBXTJE (ORCPT ); Fri, 24 Feb 2006 14:09:04 -0500 Date: Fri, 24 Feb 2006 14:04:09 -0500 From: Benjamin LaHaise To: Gene Heskett Cc: linux-kernel@vger.kernel.org Subject: Re: Weird login, possibly related to rootkit Q Message-ID: <20060224190409.GB9384@kvack.org> References: <200602230121.08670.gene.heskett@verizon.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <200602230121.08670.gene.heskett@verizon.net> User-Agent: Mutt/1.4.1i Sender: linux-kernel-owner@vger.kernel.org X-Mailing-List: linux-kernel@vger.kernel.org Content-Length: 923 Lines: 19 On Thu, Feb 23, 2006 at 01:21:07AM -0500, Gene Heskett wrote: > So we did a reinstall (rh9) without formatting because there was a lot > of non-replaceable data on it. This also saved the logs, but they are > obviously not a lot of help when about 5 hours is missing at about the > time everything went to hell. Let's get this straight: your old Linux distro got rooted, so you installed an old Linux distro that no longer gets security updates to replace it. Why is that kernel related? Sounds more like pebkac. -ben -- "Ladies and gentlemen, I'm sorry to interrupt, but the police are here and they've asked us to stop the party." Don't Email: . - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/