Security Basics mailing list archives
Re: Keen to test out root kits
From: H Carvey <keydet89 () yahoo com>
Date: 19 Feb 2004 20:25:22 -0000
In-Reply-To: <009601c3f48c$daf58c70$6502010a () coenholdings ie>

Mike,
> There are tools available for many of these kits to discover their presence on a system and even break passwords etc. for the purpose of hijacking them from another cracker. A cracker's dream is to get one of these kits installed on a system, and you are proposing to do that for them. Even if you took the security steps provided by these kits, you cannot secure yourself from attack.
I think that perhaps you're confusing terminology here a bit. Rootkits are generally used to hide the presence of the attacker on a system, and may not in and of themselves be (or provide) backdoors. I'm speaking largely (though not completely) from a Windows perspective, here. A _backdoor_ will generally open a port or even have some way of contacting the attacker to let him know that it's online (a la an IRCBot, etc). And yes, a rootkit can hide the presence of a backdoor.
> In short, the answer is: unless you are installing them on a test system which is isolated from any other network, with no critical information, and you can wipe and reformat the system, you would be mad to try.
If you know what you're doing, there is no need whatsoever to do any of this. I fully agree w/ your warning about production systems, but perhaps anyone foolish enough to do so deserves what happens. On Windows systems, install InControl5, and run the first phase of a two-phase scan. Install your rootkit (Vanquish, AFX Rootkit 2003, HackerDefender, etc). Then reboot your (2K, XP) system into Safe Mode and run the second phase of InCtrl5. This will let you know what you need to remove. AFX is easy. The DLL injection-type user mode rootkits are easy, for the most part...they only seem so b/c they're called "rootkits".
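The two-phase scan described above (baseline snapshot, install, second snapshot, diff) is easy to reproduce on a lab box. The script below is an added example, not InCtrl5 and not from the original post; it hashes a directory tree before and after a change and reports what was added, removed or modified, using a constructed temporary tree with made-up file names (`system32/hook.dll` etc.) as a stand-in for a real system.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root):
    """One scan phase: map each file under root to (size, sha256 hex)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            p = Path(dirpath) / name
            data = p.read_bytes()
            # Use POSIX-style relative paths so results compare the same on any OS.
            snap[p.relative_to(root).as_posix()] = (len(data), hashlib.sha256(data).hexdigest())
    return snap

def diff_snapshots(before, after):
    """Compare phase-one and phase-two snapshots; lists are sorted for stable output."""
    added = sorted(set(after) - set(before))
    removed = sorted(set(before) - set(after))
    modified = sorted(k for k in before.keys() & after.keys() if before[k] != after[k])
    return {"added": added, "removed": removed, "modified": modified}

def demo():
    """Constructed stand-in for a system tree: baseline, simulated install, re-scan."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system32").mkdir()
        (root / "system32" / "kernel.dll").write_bytes(b"original kernel dll")
        (root / "system32" / "config.ini").write_bytes(b"[settings]\n")
        before = snapshot(root)                       # phase one
        # Simulated effects of an install: a new DLL dropped, one file patched, one deleted.
        (root / "system32" / "hook.dll").write_bytes(b"injected hook")
        (root / "system32" / "kernel.dll").write_bytes(b"patched kernel dll")
        (root / "system32" / "config.ini").unlink()
        after = snapshot(root)                        # phase two
        return diff_snapshots(before, after)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

As the post says, take the second snapshot from Safe Mode (or a boot of the disk from clean media): a rootkit that hooks the live system's file and registry APIs can hide exactly the entries a diff run from the infected session would otherwise show.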