[Nottingham] Paranoid already

[Alex Herington]

| > I also find running "netstat -tpan" pretty useful as it'll tell
| you which
| > program is listening on which port and detail any active connections.
| > Particularly useful for checking for backdoors and other nasties :)
|
| Hmm, if you box has been rooted well, then you can't trust tools like
| netstat or ps, unless your using tripwire (on a remote host) to verifiy
| file integrity, I think I heard the gnu site got hacked the other day,
| and certain packages 'replaced' with dubious copies..probably had some
| backdoor code injected them(!).

Or you could keep a renamed tar'ed duplicate of the netstat binary :P Would
that work on a box that's had a rootkit installed?