Date: Thu, 7 May 1998 02:16:08 +0100 From: Duncan Simpson <dps@IO.STARGATE.CO.UK> Subject: check-ps 1.2 pre-release To: BUGTRAQ@NETSPACE.ORG It is an age since I last announced this program and I should have got back sooner. Better late than never. check-ps is a program that tries to blend in with the background and runs ps every so often (as nobody). It compiles its own list and compares the two. If suspect differeneces turn up it yells at the administrator by email via another machine (it uses port 25 to avoif local logs). It will optionally kill the processes. Anti=race condition code is there but it has not been tested much. The code is avialable by anonymous ftp from mars.astra.co.uk in the pub/word2x directory. Any relationship with the previous version of eons ago is remote. Much of the size is due to massive paranioa coding everywhere. On linux it will probably tell you where the cracker is connecting from if he/she overruns a buffer of a network service and the local port number (so you know exactly which service was involved too...) -- Duncan (-: "software industry, the: unique industry where selling substandard goods is legal and you can charge extra for fixing the problems."