Re: nouser - rootkit ?

[Kyle R Maxwell <kylemaxwell () yahoo com>]

Obscure though it may be, a rootkit might have been written for IRIX
either due to intentional targeting of a particular organization, or
with the realization that IRIX deployments are typically fairly
powerful installations, not your run-of-the-mill ISP (this includes
folks like NASA, etc.) There have even been a few major websites that
ran on IRIX for a good amount of time. 

So an IRIX rootkit, while not near as common as one for, say, Solaris
or Linux, might still be useful to a lot of folks.

--- Bruce Ediger <eballen1 () qwest net> wrote:
> On Mon, 11 Mar 2002, Konrad Rieck wrote:
>
> > I wonder if there are really attackers out there installing
> bogus-rootkits
> > in order to protect the real ones. Has anybody on this list
> detected such
> > kind of "feints"?
>
> I posted to usenet last year with the same question, because one
> of the machines I tend got rooted.
>
> In response, some guy claimed he found a rootkit that had at least
> two layers:
http://groups.google.com/groups?hl=en&selm=9h6gsa%2414r%241%40bob.news.rcn.net
> I'm not at all sure I believe this story: IRIX is pretty obscure,
> and not very widely used.  Why would anyone go to the effort of
> doing a "feint" rootkit to mask a "real" rootkit for so few targets?


=====
Kyle Maxwell       [kylemaxwell () yahoo com]
http://Xwell.org      Infosec, Unix, maths
"That that is is that that is not is not."

__________________________________________________
Do You Yahoo!?
Try FREE Yahoo! Mail - the world's greatest free email!
http://mail.yahoo.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com