Security Incidents mailing list archives
Re: nouser - rootkit ?
From: Kyle R Maxwell <kylemaxwell () yahoo com>
Date: Tue, 12 Mar 2002 11:08:06 -0800 (PST)
Obscure though it may be, a rootkit might have been written for IRIX either due to intentional targeting of a particular organization, or with the realization that IRIX deployments are typically fairly powerful installations, not your run-of-the-mill ISP (this includes folks like NASA, etc.). There have even been a few major websites that ran on IRIX for a good amount of time. So an IRIX rootkit, while not near as common as one for, say, Solaris or Linux, might still be useful to a lot of folks.
--- Bruce Ediger <eballen1 () qwest net> wrote:
On Mon, 11 Mar 2002, Konrad Rieck wrote:
I wonder if there are really attackers out there installing bogus-rootkits in order to protect the real ones. Has anybody on this list detected such kind of "feints"?
I posted to usenet last year with the same question, because one of the machines I tend got rooted. In response, some guy claimed he found a rootkit that had at least two layers:
http://groups.google.com/groups?hl=en&selm=9h6gsa%2414r%241%40bob.news.rcn.net
I'm not at all sure I believe this story: IRIX is pretty obscure, and not very widely used. Why would anyone go to the effort of doing a "feint" rootkit to mask a "real" rootkit for so few targets?
=====
Kyle Maxwell [kylemaxwell () yahoo com]
http://Xwell.org
Infosec, Unix, maths
"That that is is that that is not is not."
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com