On Fri, 11 Jan 2002, Noah L. Meyerhans wrote: > On Fri, Jan 11, 2002 at 10:25:03PM +0100, martin f krafft wrote: > > > > i doubt that a kernel module can override the linux kernel filesystem > > abstraction layer. but i guess it could be possible. > > > > Oh, it certainly can! knark is a perfect example of a kernel module to > do just this. (knark is Swedish for "drugged".) It allows files, > processes, network connections, and network interface promiscuity to be > *completely* hidden. It allows the cracker to override what actual > binary file gets run when a user tries to run some other (possibly > hidden) executable. Here kstat might be of intrest, it's getting it's information directly from the kernel structures. (reading /dev/kmen, and using a dummy module) [RicV] -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
- Re: I've been hacked by DevilSoul Ricardo B
- Re: I've been hacked by Devil... Henrique de Moraes Holschuh
- Re: I've been hacked by ... Florian Weimer
- Re: I've been hacked... Dries Kimpe
- Re: I've been hacked... Florian Weimer
- Re: I've been hacked... Dave Kline
- Re: I've been hacked... Henrique de Moraes Holschuh
- Re: I've been hacked by Devil... martin f krafft
- Re: I've been hacked by ... Noah L. Meyerhans
- Re: I've been hacked... martin f krafft
- Re: I've been hacked... Richard
- Re: I've been hacked... Dries Kimpe
- Re: I've been hacked... Florian Weimer
- Re: I've been hacked by ... Ricardo B
- Re: I've been hacked by Devil... Noah L. Meyerhans
- Re: I've been hacked by DevilSoul Alvin Oga
- Re: I've been hacked by DevilSoul Jacques Lav!gnotte
- Re: I've been hacked by DevilSoul Christoph Wegener
- Re: I've been hacked by DevilSoul Alan Aldrich
- Re: I've been hacked by DevilSoul Alan Aldrich
- Re: I've been hacked by DevilSoul Will Wesley, CCNA