Re: Rootkit

On Sunday, 21 October 2007 01:38, John Summerfield wrote:
>
> I've seen one that didn't do what the installer intended (it tried to
> email its IP address to someone, but assumed eth0 was the interface to
> the world. It was, but had a private IP address on it).
>
> It also installed binaries that caused the system to crash, and that
> alerted me (and ensured that even if the intruder found it, he'd not be
> able to use it).

Even when I run chkrootkit I don't feel safe, because if your system has been 
owned, are you sure you can trust the results the anti-rootkit is reporting 
to you?
From my point of view, if you got a rootkit the best thing you can do is, 
firstly, figure out how you got hacked and then just re-install the system; 
otherwise, the system is not going to be truly reliable anymore.

Sometimes it's also a good idea to have the "strings" command in mind when you 
think you have been hacked; strings ls, strings reboot and strings on some other 
important commands is usually a good start (bearing in mind that strings could 
have been replaced, hence we're in the same loop again) :-)

>
> On another system, a kit penetrated a user account (the boss's wife's),
> couldn't crack the kernel, though it had tools to test known sploits,
> installed an IRC bot and proceeded to scan the Internet for vulnerable
> systems.

It reminds me of when I was working with some AIX and we got a visitor who 
uploaded Linux exploits and tried to run them forever. I'd pay to see his 
face saying something like... "why are these damn exploits not running on this 
system, they run perfectly on my Linux box..."

All the best
Manuel.

-- 
Manuel Arostegui Ramirez.

Electronic Mail is not secure, may not be read every day, and should not
be used for urgent or sensitive issues.
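
The trust loop raised in the message above (chkrootkit and strings running on an owned system cannot vouch for themselves) can be stepped around by checking from outside: boot rescue media, mount the suspect disk, and compare its binaries with hashes taken from a known-good source. The following is an added sketch of that check, not part of the original post; the function names `make_baseline` and `verify_tree`, the manifest layout and the example mount paths are assumptions of this example.

```shell
#!/bin/sh
# Added example: check a suspect root filesystem against known-good hashes.
# Run from rescue media, so sh and sha256sum are not the suspect's own copies.
# Manifest lines use sha256sum's format, with paths relative to the root:
#   <sha256>  bin/ls

# make_baseline ROOT PATH...
# Prints manifest lines for PATHs under a known-good ROOT (assumed trusted,
# e.g. a clean install of the same release), never the suspect system.
make_baseline() (
    cd "$1" || exit 1
    shift
    sha256sum -- "$@"
)

# verify_tree ROOT MANIFEST
# Prints one line per failed entry and returns 1 if any entry failed.
verify_tree() (
    root=$1 manifest=$2 bad=0
    while read -r want path || [ -n "$want" ]; do
        case $want in ''|'#'*) continue ;; esac   # blank line or comment
        path=${path#\*}                           # sha256sum binary-mode marker
        file=$root/$path
        if [ -L "$file" ]; then
            # Not followed: an absolute link would resolve inside the rescue
            # environment, not inside the mounted suspect tree.
            echo "SYMLINK $path"; bad=1
        elif [ ! -f "$file" ]; then
            # Absent, or present but not a regular file.
            echo "MISSING $path"; bad=1
        else
            got=$(sha256sum < "$file")
            got=${got%% *}                        # keep only the hex digest
            if [ "$got" != "$want" ]; then
                echo "MODIFIED $path"; bad=1
            fi
        fi
    done < "$manifest"
    exit "$bad"
)

# Usage: script.sh /mnt/sysimage /media/usb/baseline.sha256  (paths assumed)
if [ "$#" -eq 2 ]; then
    verify_tree "$1" "$2"
fi
```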
