Security Incidents mailing list archives
Re: R00t Kits
From: Dave Dittrich <dittrich () cac washington edu>
Date: Wed, 6 Jun 2001 14:24:23 -0700 (PDT)
On Wed, 6 Jun 2001, Davis, Scott wrote:
> I am in the process of writing a perl script that will look for known root kits on *nix systems.
> A) Does anyone know if this script already exists? (Don't want to invent the wheel a second time)
There are a couple. "chkrootkit" is specific to various rootkits, and "ramenfind" is geared more towards Linux worm detection/cleanup.
> B) Does anyone know a site that has all of the known r00t kits listed and what files to look for?
I don't know of one that claims to have *all known* rootkits (especially not trivial variants). I just updated some links in the following paper, which should help you:

http://staff.washington.edu/dittrich/misc/faqs/rootkits.faq

--
Dave Dittrich                           Computing & Communications
dittrich () cac washington edu          University Computing Services
http://staff.washington.edu/dittrich    University of Washington
PGP key      http://staff.washington.edu/dittrich/pgpkey.txt
Fingerprint  FE 97 0C 57 08 43 F3 EB 49 A1 0C D0 8E 0C D0 BE C8 38 CC B5