On Tue, Oct 29, 2002 at 04:12:54PM -0800, Alvin Oga wrote:
> i say modifying files is a give away .. that says 
> "come find me" .... which is trivial since its modified
> binaries

If they do it right, it's not a giveaway.  If they're quick, thorough,
and accurate, they can certainly do it right.  On the other hand, I've
seen cracked Solaris boxes on which the rootkit installed a patched
version of GNU's ls in place of the default ls.  That was a pretty
obvious giveaway.

The thing with rootkits is that they're pretty target-specific.  They're
not usually robust enough to be installed on a different Linux
distribution or even a different version of the intended target distro.
Rootkits aren't what I usually worry about; It's the determined,
knowledgeable attackers that I don't like.  Fortunately there aren't as
many of them to worry about.


| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html 

Attachment: pgpY6PFenwrHX.pgp
Description: PGP signature

Reply via email to