Security Incidents mailing list archives
Re: More rootkit defense
From: Phil Stracchino <alaric () BABCOM COM>
Date: Tue, 27 Mar 2001 10:23:35 -0800
On Tue, Mar 27, 2001 at 01:09:51PM -0500, Jose Nazario wrote:
> On Mon, 26 Mar 2001, Phil Stracchino wrote:
> > It has come to my notice that the majority of skript-kiddies and writers of rootkits are either unaware of the oft-forgotten wonders of file attributes, or can't be bothered to provide for them in their 'sploits.
>
> question: it seems awfully Linux and BSD centric, using chattr. i see that similar attributes are available under IRIX (man attrinit(1M), attr(1)), but what about Solaris, HPUX, AIX, and such? has anyone got any information on these? a simple uname output detection in your scripts would make it versatile.

If anyone cares to let me know what equivalent tools are available on other platforms, I'd be happy to extend the tool.

> relying on the stupidity of the kiddies will get you an increasingly shorter distance every day. while i loathe them, and i think they're moronic, they're learning, and getting better every time.

True, but why not exploit their weaknesses while they're available? (No, I don't think they're particularly flashing intellects either. You have a hammer and you want to impress me? Don't find something to smash with it, make something with it.)

--
Linux Now! ..........Because friends don't let friends use Microsoft.
phil stracchino -- the renaissance man -- mystic zen biker geek
Vr00m: 2000 Honda CBR929RR -- Cage: 2000 Dodge Intrepid R/T
Previous vr00mage: 1986 VF500F (sold), 1991 VFR750F3 (foully murdered)
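The uname-based dispatch suggested in the quoted message, as an added example that is not the tool discussed in the thread and not code from either poster. It assumes `chflags schg` as the BSD counterpart to `chattr +i` (a mapping not given in the thread), treats every other platform as unsupported, and uses hypothetical function names and a constructed `lsattr` listing.

```shell
#!/bin/sh
# Added example: choose the immutable-flag tool from `uname -s` output and
# list the commands needed for files that do not carry the flag yet.

# Constructed sample of `lsattr` output (flags field, then path).
SAMPLE_LSATTR='----i---------e------- /bin/ls
--------------e------- /bin/ps
----i---------e------- /bin/login
--------------e------- /usr/bin/netstat'

# Print the command prefix that sets the immutable flag on the given OS.
# Returns 1 for platforms this sketch has no mapping for.
immutable_cmd() {
    case "$1" in
        Linux) echo "chattr +i" ;;
        FreeBSD|OpenBSD|NetBSD) echo "chflags schg" ;;   # assumption, see lead-in
        *) return 1 ;;
    esac
}

# Read lsattr-style lines on stdin; print paths whose flags lack 'i'.
# The match is case-sensitive: lowercase 'i' is immutable, 'I' is not.
missing_immutable() {
    while read -r flags path; do
        case "$flags" in
            *i*) ;;                          # already immutable
            *) printf '%s\n' "$path" ;;
        esac
    done
}

# Dry run: print (never execute) one command per unprotected file.
plan_protect() {
    cmd=$(immutable_cmd "$1") || {
        echo "no known immutable-flag tool for $1" >&2
        return 1
    }
    missing_immutable | while read -r p; do
        printf '%s %s\n' "$cmd" "$p"
    done
}

# Demo on the constructed listing, using the OS this script runs on.
printf '%s\n' "$SAMPLE_LSATTR" | plan_protect "$(uname -s)" || true
```

On a live Linux host the listing would come from `lsattr` on the files of interest; the printed commands need root to run.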