Full Disclosure mailing list archives
RE: Rootkit
From: "Schmehl, Paul L" <pauls () utdallas edu>
Date: Fri, 26 Sep 2003 17:44:50 -0500
-----Original Message-----
From: David Hane [mailto:dlhane () sbcglobal net]
Sent: Friday, September 26, 2003 3:57 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Rootkit

Hi all,

I recently had a machine get hacked before I could finish installing all the damn remote-root exploit patches that have been released in the last week. I've done the forensics and I know how they got in and what they did but I would like to know what rootkit they used. Can anyone recommend a good scanner or info site where I can compare some of the binaries I saved (the machine has been wiped)?
This is a great tool for many things, not just forensics. Everyone who has to do investigations or restorations should have a current copy.
http://fire.dmzs.com/

You might also want to get chkrootkit.
http://www.chkrootkit.org/ (This sometimes doesn't respond.)
http://www.pangeia.com.br/download.htm (You can also get it here.)

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
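The comparison David asks about, as an added example that is not part of the thread and not code from FIRE or chkrootkit: hash the binaries saved from the wiped machine and diff them against a manifest built from a clean install of the same package versions, so trojaned system binaries (MODIFIED), files the intruder dropped (UNKNOWN) and files that were deleted (MISSING) fall out of one pass. It assumes `sha256sum` from coreutils and that the saved tree mirrors the original paths (e.g. `saved/bin/ps`).

```shell
#!/bin/sh
# Added example, not from the thread. Assumes coreutils sha256sum and a
# clean reference tree of the same package versions as the compromised host.

# Print only the digest of one file.
hash_file() {
    sha256sum "$1" | cut -d' ' -f1
}

# Build a manifest ("<sha256>  <relative path>" per line) from a clean tree.
make_manifest() {
    (cd "$1" && find . -type f | sed 's|^\./||' | sort | while read -r rel; do
        printf '%s  %s\n' "$(hash_file "$rel")" "$rel"
    done)
}

# Report MODIFIED / MISSING / UNKNOWN files in SAVED_DIR against MANIFEST.
# Returns 1 if anything differs, 0 if the saved set matches the manifest.
compare_saved_binaries() {
    manifest=$1; saved=$2; rc=0
    # Pass 1: every manifest entry must exist in the saved set with the same hash.
    while read -r good rel; do
        [ -n "$rel" ] || continue
        if [ ! -f "$saved/$rel" ]; then
            echo "MISSING  $rel"; rc=1
        elif [ "$(hash_file "$saved/$rel")" != "$good" ]; then
            echo "MODIFIED $rel"; rc=1
        fi
    done < "$manifest"
    # Pass 2: anything in the saved set that the manifest never listed was
    # added after install (a common place to find rootkit helpers and configs).
    # The here-document keeps the loop in the current shell so rc survives.
    while read -r rel; do
        [ -n "$rel" ] || continue
        if ! awk -v p="$rel" '$2 == p { f = 1 } END { exit !f }' "$manifest"; then
            echo "UNKNOWN  $rel"; rc=1
        fi
    done <<EOF
$(cd "$saved" && find . -type f | sed 's|^\./||' | sort)
EOF
    return $rc
}
```

Packaged systems can supply the clean manifest without a second install (e.g. from the package database on a known-good host), but the hashes must come from a trusted source, never from the compromised disk itself.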