On Tue, Oct 29, 2002 at 04:12:54PM -0800, Alvin Oga wrote:
> i say modifying files is a give away .. that says
> "come find me" .... which is trivial since its modified
> binaries

If they do it right, it's not a giveaway. If they're quick, thorough, and accurate, they can certainly do it right. On the other hand, I've seen cracked Solaris boxes on which the rootkit installed a patched version of GNU's ls in place of the default ls. That was a pretty obvious giveaway.

The thing with rootkits is that they're pretty target-specific. They're not usually robust enough to be installed on a different Linux distribution or even a different version of the intended target distro. Rootkits aren't what I usually worry about; it's the determined, knowledgeable attackers that I don't like. Fortunately there aren't as many of them to worry about.

noah

--
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html