Swatch-Like Trojan Parser for Syslog

Discussion in 'Computer Security' started by Dotman, Dec 14, 2003.

  1. Dotman

    Dotman Guest

    Does anyone know of a script that will search syslog for potential
    Trojan infected hosts? A site I helped to clean up was extremely infected.
    Now I suspect some lingering programs. How is syslog checked for
    common trojan ports? Is there a swatch-like utility out there?
    Thanks
     
    Dotman, Dec 14, 2003
    #1
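    A small swatch-style scanner that does what the question asks, as an added example for this thread (it is not a tool any poster mentions). It assumes the firewall logs dropped or accepted packets to syslog in the Linux netfilter key=value format (the iptables LOG target writes "SRC=... DST=... PROTO=... DPT=..."); the port watchlist and the sample log lines are constructed for the example, and the watchlist is only illustrative, so maintain your own for the environment being checked.

```python
"""Swatch-style scan of syslog for traffic to a watchlist of ports.

Added example for this thread; not a tool mentioned by any poster.
Assumes the firewall logs packets through syslog in the Linux
netfilter (iptables LOG target) key=value format, e.g.
  ... kernel: IN=eth0 OUT= ... SRC=a.b.c.d DST=w.x.y.z ... PROTO=TCP SPT=1234 DPT=31337 ...
"""
import re
import sys
from collections import Counter

# Illustrative watchlist of destination ports historically used by
# well-known backdoor software. Constructed for this example; an
# operator should keep a current list for their own environment.
WATCHLIST = {
    31337: "Back Orifice",
    12345: "NetBus",
    27374: "SubSeven",
}

# Matches the key=value fields written by the netfilter LOG target.
# The syslog prefix (timestamp, host) is captured loosely; the program
# name ("kernel:") and other fields are skipped over.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s.*?"
    r"SRC=(?P<src>[\d.]+)\s.*?DST=(?P<dst>[\d.]+)\s.*?"
    r"PROTO=(?P<proto>\w+)\s.*?DPT=(?P<dpt>\d+)"
)

# Constructed sample syslog excerpt: three hits on the watchlist, one
# ordinary HTTP packet, and one unrelated sshd line that must be skipped.
SAMPLE = """\
Dec 14 02:11:03 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.25 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=43027 DF PROTO=TCP SPT=3921 DPT=31337 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 14 02:11:05 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.25 LEN=48 TOS=0x00 PREC=0x00 TTL=113 ID=43028 DF PROTO=TCP SPT=3922 DPT=12345 WINDOW=16384 RES=0x00 SYN URGP=0
Dec 14 02:11:07 gw kernel: IN=eth0 OUT= SRC=198.51.100.7 DST=192.0.2.40 LEN=48 TOS=0x00 PREC=0x00 TTL=52 ID=1 DF PROTO=TCP SPT=45001 DPT=80 WINDOW=5840 RES=0x00 SYN URGP=0
Dec 14 02:11:09 gw sshd[812]: Accepted publickey for admin from 192.0.2.2 port 50212 ssh2
Dec 14 02:12:30 gw kernel: IN=eth0 OUT= SRC=203.0.113.9 DST=192.0.2.25 LEN=40 TOS=0x00 PREC=0x00 TTL=113 ID=43100 PROTO=UDP SPT=1900 DPT=27374 LEN=20
"""


def parse_line(line):
    """Return a dict of fields for a netfilter log line, or None when the
    line is some other syslog entry (cron, sshd, ...)."""
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["dpt"] = int(rec["dpt"])
    return rec


def scan(lines, watchlist=WATCHLIST):
    """Scan syslog lines and return (alerts, per_host).

    alerts:   list of (timestamp, src, dst, proto, port, label), one per
              packet whose destination port is on the watchlist.
    per_host: Counter of watchlisted hits keyed by destination host, so
              the internal hosts receiving the most suspicious traffic
              (the likely infected ones) sort to the top.
    """
    alerts = []
    per_host = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["dpt"] not in watchlist:
            continue
        label = watchlist[rec["dpt"]]
        alerts.append((rec["ts"], rec["src"], rec["dst"],
                       rec["proto"], rec["dpt"], label))
        per_host[rec["dst"]] += 1
    return alerts, per_host


def main(argv):
    # Read a syslog file named on the command line, or stdin (so it can
    # be fed from `tail -f /var/log/messages | python3 scan.py`).
    source = open(argv[1]) if len(argv) > 1 else sys.stdin
    alerts, per_host = scan(source)
    for ts, src, dst, proto, port, label in alerts:
        print(f"{ts} {proto} {src} -> {dst}:{port}  ({label})")
    for host, n in per_host.most_common():
        print(f"{n:4d} watchlisted hits to {host}")


if __name__ == "__main__":
    main(sys.argv)
```

    Run it over the sample and 192.0.2.25 shows three hits (ports 31337, 12345 and 27374) while the port-80 and sshd lines are ignored. The counter is keyed on the destination host because a backdoor that listens on a port shows up as inbound traffic to the infected machine; for malware that connects out to a controller instead, key on the source host. As Colonel Flagg notes below, a hit only tells you where to look; it does not prove the host is clean when nothing matches.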

  2. In article <lh2Db.145661$>,
    says...
    > Does anyone know of a script that will search syslog for potential
    > Trojan infected hosts? A site I helped to clean up was extremely infected.
    > Now I suspect some lingering programs. How is syslog checked for
    > common trojan ports? Is there a swatch-like utility out there?
    > Thanks



    If the host was infected, there's no sure-fire-way to determine if *all*
    files are safe. Your only hope is to backup your data/config files and
    reinstall from scratch. Probably your best option would be to replace
    the harddrive and use a new one, installing everything from scratch.
    Apply all patches prior to turning any daemons on.

    Cert has a nice "how to", for once you've been compromised.

    --
    Colonel Flagg
    http://www.internetwarzone.org/

    Privacy at a click:
    http://www.cotse.net

    Q: How many Bill Gates does it take to change a lightbulb?
    A: None, he just defines Darkness? as the new industry standard..."

    "...I see stupid people."
     
    Colonel Flagg, Dec 14, 2003
    #2

  3. There are many CERTs but I think that this is the one referred to.

    http://www.cert.org/

    Dave



    "Colonel Flagg" <> wrote in message
    news:...
    | In article <lh2Db.145661$>,
    | says...
    | > Does anyone know of a script that will search syslog for potential
    | > Trojan infected hosts? A site I helped to clean up was extremely infected.
    | > Now I suspect some lingering programs. How is syslog checked for
    | > common trojan ports? Is there a swatch-like utility out there?
    | > Thanks
    |
    |
    | If the host was infected, there's no sure-fire-way to determine if *all*
    | files are safe. Your only hope is to backup your data/config files and
    | reinstall from scratch. Probably your best option would be to replace
    | the harddrive and use a new one, installing everything from scratch.
    | Apply all patches prior to turning any daemons on.
    |
    | Cert has a nice "how to", for once you've been compromised.
    |
    | --
    | Colonel Flagg
    | http://www.internetwarzone.org/
    |
    | Privacy at a click:
    | http://www.cotse.net
    |
    | Q: How many Bill Gates does it take to change a lightbulb?
    | A: None, he just defines Darkness? as the new industry standard..."
    |
    | "...I see stupid people."
     
    David H. Lipman, Dec 14, 2003
    #3
