Rootkits (Was: Re: [nflug] Another reason to not use M$ products...)

Frank Kumro fkumro at gmail.com
Wed Nov 2 18:25:22 EST 2005


If you ever find the copy I would like one too because I would be
interested in how this is done with code. Thanks for the
information... I'm going to check for rootkits now.

On 11/2/05, David W. Aquilina <david at starkindler.us> wrote:
> On Wed, Nov 02, 2005 at 04:23:22PM -0500, Frank Kumro wrote:
> > Honestly I have never heard about any rootkits for linux. Are they
> > open source too? I'm not looking for the source to run them I just want
> > a better understanding of them.
>
> Breaking this off into its own thread...
>
> Most rootkits do the same types of things regardless of the OS. The goals are often the same as well, mainly being to grant administrative access and to hide their own existence. One particular rootkit I've seen (called SucKIT) in the past worked by patching the running kernel via /dev/kmem, provided a root shell that could be connected to remotely, and could even hide that shell behind a port that was already being used by another process.
>
> There are a couple of different utilities that can check for rootkits; the ones I'm mainly aware of are rootkit hunter (http://www.rootkit.nl/projects/rootkit_hunter.html) and chkrootkit (http://www.chkrootkit.org/).
>
> I might have a copy of SucKIT around, but the last time I tried it didn't work on RHEL 3 or 2.6 kernels.
>
> --
> David W. Aquilina
> david at starkindler.us
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug
>


--
Frank
Shenanigans!!
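A defender-side check in the spirit of the tools David mentions, added here as an example (not code from the thread, chkrootkit or rkhunter): it compares the PIDs visible in /proc with those ps reports, which is the discrepancy a process-hiding rootkit leaves behind. It assumes a Linux host with /proc mounted and ps available; the comparison function itself takes plain PID lists, so it can be exercised on constructed input.

```shell
#!/bin/sh
# Added example, not code from the thread or from chkrootkit/rkhunter: a
# chkrootkit-style cross-check for hidden processes. A rootkit that hides
# its shell from ps usually does so by filtering what the tools report,
# so a PID directory that exists in /proc but never shows up in ps output
# is a discrepancy worth investigating.

# Pure comparison, testable on constructed input:
#   $1 = newline-separated PIDs seen in /proc
#   $2 = newline-separated PIDs reported by ps
# Prints every PID present in $1 but absent from $2, one per line.
hidden_pids() {
    { printf '%s\n' "$2"; echo '--'; printf '%s\n' "$1"; } |
    awk '$1 == "--"                       { in_proc = 1; next }
         !in_proc                         { seen[$1] = 1; next }
         $1 ~ /^[0-9]+$/ && !($1 in seen) { print $1 }'
}

# Live snapshots. The glob reads the /proc directory itself, so a
# trojaned ps binary is caught; a kernel-level rootkit that filters the
# /proc listing as well escapes this check, so treat a clean result as
# one layer of evidence, not proof.
proc_pids() { for d in /proc/[0-9]*; do echo "${d#/proc/}"; done; }
ps_pids()   { ps -e -o pid= 2>/dev/null | awk '{ print $1 }'; }

check_hidden_processes() {
    # Take the /proc snapshot first: a process that exits between the two
    # reads then shows up as a false positive, never as a false negative.
    # Rerun and look for PIDs that stay in the list.
    found=$(hidden_pids "$(proc_pids)" "$(ps_pids)")
    if [ -n "$found" ]; then
        echo "PIDs in /proc but not reported by ps (recheck before trusting):"
        printf '  %s\n' $found
    else
        echo "no hidden PIDs detected"
    fi
    # The thread's SucKIT example patched the kernel through /dev/kmem;
    # note whether this kernel exposes that interface at all.
    [ -e /dev/kmem ] && echo "/dev/kmem is present" || echo "/dev/kmem absent"
    return 0
}

check_hidden_processes
```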