[Full-Disclosure] RE: Linux (in)security
- To: full-disclosure@lists.netsys.com
- Subject: [Full-Disclosure] RE: Linux (in)security
- From: Feher Tamas <etomcat@freemail.hu>
- Date: Mon, 27 Oct 2003 12:20:36 +0100 (CET)
Hello,
>I can determine when a Windows box has been owned easily.
>How do you determine if you have a KLM on your Linux box?
In both cases, you need to shut down the computer and boot it
from an alternative source (like a CD-ROM with MS-DOS), then load
drivers for the file system (NTFS, ext2, ReiserFS, etc.) and then run a
virus scanner.
Or just relocate the suspect hard drive into another known clean
machine and perform virus scanning with your favourite Windows/Unix
antivirus software.
It is a fact of life that certain sophisticated Windows and Un*x rootkits
cannot be detected at runtime any more once they are installed. You
must shut down the OS and investigate from an external standpoint,
that is, an alternative OS boot. (*)
Here is an article about sophisticated Windows rootkits; they are now
truly on par with their Un*x counterparts:
http://www.securityfocus.com/news/2879
Sincerely: Tamas Feher.
(*)
PS: It should be noted that some true server machines, like the IBM
AS/400, have alternative boot path support by factory default. Un*x and
Windows have a long way to go regarding reliability and security
measures before they can catch up with IBM's monsters.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html