To: gentoo-user@lists.gentoo.org
From: James
Subject: [gentoo-user] Re: Excessive processor usage
Date: Mon, 6 Aug 2007 17:36:36 +0000 (UTC)

Hans-Werner Hilse writes:

> > If you want to check there is no such program on your system, I
> > advise you to try chkrootkit, to check there is no such rootkit on
> > your system...

> To put it correctly, since there is _NO_ way to assure that there isn't
> a rootkit:
> chkrootkit can be used to check whether there _are_ _known_ rootkits.
> BTW, there are other, similar programs that do the same.

> But my point is: You can never be sure, since a hypothesis can't be
> proven correct, just invalid.

Well you are right and you are wrong. You are right for noobs.
If the person has a second system and sets up a flat hub and
the ethernet in stealth mode, you can sniff the ethernet I/O
all day long and use a variety of tools to discern if nefarious
activities abound on a given system. Sure it's a bit of work,
but all hacked systems I've ever seen use the system to ethernet
I/O. They can encrypt that traffic, but if you know what should/not
be traversing the ethernet, there is no way to hide an actively
compromised system. If the hacker scantly uses resources, and is elite,
often it's the best thing for a noob, because they keep the systems
in pristine condition....
Building a gentoo based firewall, that runs off of a non rewritable
media (CD and such) is definitely a good idea, if you want to control
your resource utilization....

ymmv,
hth,
James

-- 
gentoo-user@gentoo.org mailing list
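The "know what should/not be traversing the ethernet" check from the reply above, as an added example that is not part of the original post: it compares a capture taken on the second, sniffing machine against a baseline of expected traffic for the watched host. The addresses, the baseline entries, the `LISTENING` set and the sample lines (modelled on `tcpdump -nn` output) are all assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumptions for this sketch: the watched host and its expected traffic.
MONITORED = ipaddress.ip_address("192.0.2.10")
EXPECTED_OUT = [  # (destination network, destination port)
    (ipaddress.ip_network("192.0.2.1/32"), 53),   # local resolver
    (ipaddress.ip_network("192.0.2.1/32"), 123),  # local NTP
    (ipaddress.ip_network("0.0.0.0/0"), 443),     # outbound HTTPS
    (ipaddress.ip_network("0.0.0.0/0"), 873),     # rsync (portage sync)
]
LISTENING = {22}  # services the host is supposed to offer (replies allowed)

# Matches the "IP src.port > dst.port:" part of a tcpdump -nn style line.
FLOW = re.compile(r"\bIP ([\d.]+)\.(\d+) > ([\d.]+)\.(\d+):")

# Constructed sample capture (documentation address ranges), not real traffic.
SAMPLE = """\
17:36:01.000101 IP 192.0.2.10.40112 > 192.0.2.1.53: UDP, length 40
17:36:01.020412 IP 192.0.2.1.53 > 192.0.2.10.40112: UDP, length 56
17:36:02.311900 IP 192.0.2.10.51844 > 198.51.100.20.443: Flags [S], length 0
17:36:05.400000 IP 192.0.2.10.22 > 192.0.2.50.50122: Flags [P.], length 96
17:36:09.000713 IP 192.0.2.10.33012 > 203.0.113.77.6667: Flags [S], length 0
17:36:39.000650 IP 192.0.2.10.33014 > 203.0.113.77.6667: Flags [S], length 0
17:36:41.118220 IP 192.0.2.10.123 > 192.0.2.1.123: UDP, length 48
garbage line that the parser must skip
"""

def unexpected_flows(capture, host=MONITORED):
    """Count packets sent by `host` that the baseline does not explain."""
    hits = Counter()
    for line in capture.splitlines():
        m = FLOW.search(line)
        if not m:
            continue  # not an IPv4 TCP/UDP line, or unparsable
        try:
            src, dst = ipaddress.ip_address(m[1]), ipaddress.ip_address(m[3])
        except ValueError:
            continue  # digits that do not form a valid address
        sport, dport = int(m[2]), int(m[4])
        if src != host or sport in LISTENING:
            continue  # someone else's packet, or a reply from a known service
        if any(dst in net and dport == port for net, port in EXPECTED_OUT):
            continue
        hits[(str(dst), dport)] += 1
    return dict(hits)
```

Allowing replies by source port is a simplification; tracking which side sent the initial SYN is stricter, and encrypted traffic to an allowed port still passes this check.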