2. On what you should be looking for
Look for examples of the following that you cannot identify or are not
familiar with:
- running processes, especially those associated with network connections;
- listening daemons, which could be running a service (such as IRC) or
  operating a back door;
- TCP connections — not just those on locally-privileged ports;
- outbound UDP and ICMP traffic, which could be part of a (distributed)
  denial of service attack or a scanning exercise.
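A triage helper for the checklist above, added here as an example (it is not part of the original document): it classifies socket lines in the layout of Linux `ss -tunap` (a constructed sample is embedded) into the categories the list names and flags any entry whose process is not on an assumed known-good baseline.

```python
import re
from dataclasses import dataclass

# Constructed sample in the layout of `ss -tunap` on Linux (not real capture data).
SAMPLE = """\
Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port  Process
tcp   LISTEN 0      128    0.0.0.0:22          0.0.0.0:*          users:(("sshd",pid=812,fd=3))
tcp   LISTEN 0      50     0.0.0.0:6667        0.0.0.0:*          users:(("ircd",pid=4410,fd=5))
tcp   LISTEN 0      10     0.0.0.0:31337       0.0.0.0:*          users:(("sh",pid=4499,fd=4))
tcp   ESTAB  0      0      10.0.0.5:22         10.0.0.9:51022     users:(("sshd",pid=901,fd=4))
tcp   ESTAB  0      0      10.0.0.5:40211      198.51.100.7:6667  users:(("ircd",pid=4410,fd=7))
udp   UNCONN 0      0      0.0.0.0:68          0.0.0.0:*          users:(("dhclient",pid=600,fd=6))
udp   ESTAB  0      0      10.0.0.5:39000      203.0.113.4:53     users:(("flood",pid=4520,fd=3))
"""

KNOWN_GOOD = {"sshd", "dhclient"}  # assumed site baseline; derive yours from a clean host
LINE = re.compile(r"^(tcp|udp)\s+(\S+)\s+\d+\s+\d+\s+(\S+)\s+(\S+)\s*(.*)$")
PROC = re.compile(r'"([^"]*)",pid=(\d+)')

@dataclass
class Finding:
    category: str   # "listener", "tcp-connection" or "udp-outbound"
    local: str
    peer: str
    proc: str
    pid: int
    flagged: bool   # True when the owning process is not in the baseline

def port_of(addr):
    """Port number of an address:port string, or None for a wildcard peer."""
    return None if addr.endswith("*") else int(addr.rsplit(":", 1)[1])

def triage(ss_output, known=KNOWN_GOOD):
    findings = []
    for line in ss_output.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # header line or something we cannot parse
        netid, state, local, peer, procs = m.groups()
        p = PROC.search(procs)
        name, pid = (p.group(1), int(p.group(2))) if p else ("?", 0)
        if state == "LISTEN" or (netid == "udp" and peer.endswith(":*")):
            cat = "listener"            # a daemon waiting for connections
        elif netid == "tcp":
            cat = "tcp-connection"      # any port, not only privileged ones
        else:
            cat = "udp-outbound"        # connected UDP socket talking to a peer
        findings.append(Finding(cat, local, peer, name, pid, name not in known))
    return findings

def flagged_processes(ss_output, known=KNOWN_GOOD):
    """Sorted names of processes that own sockets but are not in the baseline."""
    return sorted({f.proc for f in triage(ss_output, known) if f.flagged})
```

Unknown process names (no `users:` data, reported as `?`) are flagged too, since a socket with no visible owner is itself worth explaining.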
About this document:
Produced from the SGML: /home/umits/public_html/_unix_security/_reml_grp/diagnostic_forensic_tools.reml
On: 23/10/2005 at 13:29:12
Options: reml2 -i noindex -l long -o html -p multiple