Detecting root kits?
Kevin D. Clark
kclark at CetaceanNetworks.com
Mon Jun 23 11:59:21 EDT 2003
Ben Boulanger <ben at blackavar.com> writes:
> Then by this logic, -anything- you do, except for pulling the drive and
> mounting it in a system or booting off of a CD is suspect. While the most
> correct way, it's also the most impractical. You can find rootkits on
> systems with a much more minimal effort. Will you find the really good
> hackers? No - but you won't find them if you boot off of a CD either.
s/hacker/attacker/
> The short of it is, if you think you're compromised, you probably are.
> Look around and you're sure to find something. Real hackers don't go
s/hacker/attacker/
> after these kinds of boxes - not even as jump points. You're dealing with
> script kiddies and script kiddies tend to not cover tracks well.
--kevin
--
"Didn't anyone tell you," he says, losing the dialect,
"that I was a hacker?"
-- Hiro Protagonist
More information about the gnhlug-discuss mailing list