Re: tornkit

[Talisker <Talisker () NETWORKINTRUSION CO UK>]

I had the same reported to me, I passed the information to Nelson
(chkrootkit).  I don't know whether he monitors this list and hope he
doesn't mind me replying on his behalf.  He advises that he a has new
version of chkrootkit which is due out next week, one of the fixes is to a
"find" bug which may be the problem with t0rn.

Take Care
Andy
http://www.networkintrusion.co.uk Talisker's comprehensive IDS & Scanner
List
                    '''
                 (0 0)
  ----oOO----(_)----------
  | The geek shall        |
  |  Inherit the earth     |
  -----------------oOO----
               |__|__|
                  || ||
              ooO Ooo


The opinions contained within this transmission are entirely my own, and do
not necessarily reflect those of my employer.





----- Original Message -----
From: "torn" <t0rn3r () HOTMAIL COM>
To: <VULN-DEV () SECURITYFOCUS COM>
Sent: Friday, October 06, 2000 5:39 AM
Subject: Re: tornkit


> dor - alchemy.chem.utoronto.ca was on the incident
> list
> torner - i know i got a email from them ;)
> evilara - h3h3
> *** evilara sets mode: +o torner
> torner - : chkrootkit-0.17.tar.gz
> torner - Add tests for new and popular variations of
> rootkits,
> torner - including Tornkit.
> torner - ;)
> torner - chkrootkit never found tornkit ;)
> torner - i tested it many times
>
> http://connect.to/tornkit
> among other things from his old hard drive