Detecting root kits?

Kevin D. Clark kclark at CetaceanNetworks.com
Mon Jun 23 11:59:21 EDT 2003


Ben Boulanger <ben at blackavar.com> writes:

> Then by this logic, -anything- you do, except for pulling the drive and 
> mounting it in a system or booting off of a CD is suspect.  While the most 
> correct way, it's also the most impractical.  You can find rootkits on 
> systems with a much more minimal effort.  Will you find the really good 
> hackers?  No - but you won't find them if you boot off of a CD either.

s/hacker/attacker/

> The short of it is, if you think you're compromised, you probably are.  
> Look around and you're sure to find something.  Real hackers don't go 

s/hacker/attacker/

> after these kinds of boxes - not even as jump points.  You're dealing with
> script kiddies and script kiddies tend to not cover tracks well. 

--kevin
-- 
"Didn't anyone tell you," he says, losing the dialect, 
"that I was a hacker?" 
  -- Hiro Protagonist 




More information about the gnhlug-discuss mailing list