[NTLUG:Discuss] Understanding rootkits writeup
Tom Adelstein
adelste at netscape.net
Thu Aug 14 11:33:11 CDT 2003
ken at lt.com wrote:
> David Brown wrote:
>
>> Hey all,
>>
>> I found a great writeup on Detecting and Understanding rootkits by
>> Arturo Alberto Busleiman over on rootprompt.org. I thought it very
>> interesting and informative and figured I would share.
>>
>> http://www.net-security.org/dl/articles/Detecting_and_Understanding_rootkits.txt
>
> Thanks for the URL. I got hit by a rootkit many months ago (4 days out
> of date on an SSH patch) and the only way I discovered it was that 'ps
> -ef' started returning the wrong info, more like 'ps aux' than anything
> else. That got me to looking and I found it. What a wakeup call!
>
> Looks like even that won't work with the newer kits. From what I read,
> the kit will not change any outward appearance with its presence. I
> guess I'll need to spend some time looking at IDS and everything else.
>
> ...Ken
Thank you for that. I'm redistributing it on Government Forge!