Date:      Mon, 22 Jun 1998 11:33:04 -0400 (EDT)
From:      bush doctor <dervish@ikhala.tcimet.net>
To:        questions@FreeBSD.ORG
Subject:   Re: Looking for hackers with netstat
Message-ID:  <199806221533.LAA09743@ikhala.tcimet.net>
In-Reply-To: <358D2C1E.45A12711@globalserve.net> from Geoffrey Robinson at "Jun 21, 98 11:51:58 am"

Once upon a time <Geoffrey Robinson> said:
> I've heard that hackers can hide their presence from the who and w commands.
Just a question here.  When one does the following:

1. setenv DISPLAY localmachine:0	# executed on remote host ...
2. xhost +remotemachine			# executed on local host ...
3. command&				# executed on remote host ...
4. <ctrl-D> in original window ...	# executed on remote host ...

I notice that my processes no longer show up in w or who commands ...
is this one of the things hackers are doing to avoid detection?
Processes do still show up with a `ps -axl'.

-- bush doctor
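
A defender's check for the situation described in the message above, as an added example that is not part of the original e-mail: list processes whose owner has no entry in `who`. It assumes the output of `who` and of `ps -axo user,pid,tt,command` has been saved to files; the function name, the default ignore list and the sample data are constructed for illustration.

```shell
#!/bin/sh
# orphaned_owners WHO_FILE PS_FILE [IGNORED_USERS]
#   WHO_FILE  saved output of `who`
#   PS_FILE   saved output of `ps -axo user,pid,tt,command` (assumed format)
# Prints "user pid tt command" for each process whose owner has no who entry.
orphaned_owners() {
    awk -v ignore="${3:-root daemon}" '
        BEGIN { n = split(ignore, a, " ")
                for (i = 1; i <= n; i++) skip[a[i]] = 1 }
        # Test the file name, not NR == FNR, so an empty who file
        # (nobody logged in) does not get confused with the ps file.
        FILENAME == ARGV[1] { logged_in[$1] = 1; next }
        FNR == 1 { next }                       # ps header line
        !($1 in logged_in) && !($1 in skip) {
            $1 = $1                             # collapse column padding
            print
        }
    ' "$1" "$2"
}

# Constructed sample: alice is logged in, bob has logged out but left
# an X client running, as in steps 1-4 of the message.
demo() {
    tmp=$(mktemp -d) || return 1
    cat > "$tmp/who" <<'EOF'
alice    ttyp0    Jun 22 11:02 (hosta.example)
EOF
    cat > "$tmp/ps" <<'EOF'
USER   PID TT  COMMAND
root     1 ??  /sbin/init
alice  412 p0  -csh (csh)
bob    530 p1- xterm -display localmachine:0
EOF
    orphaned_owners "$tmp/who" "$tmp/ps"
    rm -rf "$tmp"
}

demo
```

Daemons that run under their own accounts will also be listed unless their users are passed in the third argument.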





