Detecting root kits?
Michael O'Donnell
mod+gnhlug at std.com
Mon Jun 23 11:54:58 EDT 2003
>> trustworthy in the positive case. A negative result
>> is inconclusive, since you're basically asking the
>> compromised system, "Hey! Are you compromised?"
>
> Then by this logic, -anything- you do, except for pulling the drive
> and mounting it in a system or booting off of a CD is suspect.
> While the most correct way, it's also the most impractical.

Um, yeah - that pretty much sums it up - I don't like it
any more than you do. That's why it's highly recommended
that you take care of business before the Bad Guys get you.

> You can find rootkits on systems with a much more minimal effort.

If that minimal effort yields a positive result, yay!
I was just pointing out that one ought not feel too comfy
if a minimal effort yields a negative result.