Hans-Werner Hilse <hilse <at> web.de> writes:

> > If you want to check there is no such program on your system, I
> > advise you to try chkrootkit, to check there is no such rootkit on
> > your system...
>
> To put it correctly, since there is _NO_ way to assure that there isn't
> a rootkit:
> chkrootkit can be used to check whether there _are_ _known_ rootkits.
> BTW, there are other, similar programs that do the same.
> But my point is: You can never be sure, since a hypothesis can't be
> proven correct, just invalid.

Well, you are right and you are wrong. You are right for noobs.

If the person has a second system and sets up a flat hub and the ethernet in stealth mode, you can sniff the ethernet I/O all day long and use a variety of tools to discern if nefarious activities abound on a given system. Sure, it's a bit of work, but all hacked systems I've ever seen use the system's ethernet I/O. They can encrypt that traffic, but if you know what should/not be traversing the ethernet, there is no way to hide an actively compromised system.

If the hacker scantly uses resources and is elite, often it's the best thing for a noob, because they keep the systems in pristine condition....

Building a gentoo-based firewall that runs off of non-rewritable media (CD and such) is definitely a good idea if you want to control your resource utilization....

ymmv, hth,

James
--
[EMAIL PROTECTED] mailing list
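The approach James describes, watching the wire from a second machine and flagging anything the monitored host should not be sending or receiving, as an added example that is not part of the thread: a small Python checker over constructed tcpdump-style text lines. The monitored host, the baseline allowlist and the capture lines are all assumed sample values.

```python
import re
from typing import Optional

# Constructed tcpdump-style lines, as a second machine on a hub would capture
# them (sample data for this example, not from the original thread).
SAMPLE_CAPTURE = """\
12:00:01.000001 IP 192.168.1.10.51234 > 192.168.1.1.53: 12345+ A? example.com. (29)
12:00:01.020000 IP 192.168.1.10.40000 > 198.51.100.7.443: Flags [S], seq 1, win 64240, length 0
12:00:02.000000 IP 192.168.1.10.40001 > 203.0.113.5.6667: Flags [S], seq 2, win 64240, length 0
12:00:03.000000 IP 203.0.113.9.3344 > 192.168.1.10.22: Flags [S], seq 3, win 64240, length 0
12:00:04.000000 IP 192.168.1.1.53 > 192.168.1.10.51234: 12345 1/0/0 A 198.51.100.7 (45)
"""

# Baseline of what the monitored host is expected to do (assumed values):
# (destination address or None for any, destination port).  This encodes the
# "you know what should be traversing the ethernet" part of the argument.
MONITORED_HOST = "192.168.1.10"
ALLOWED_OUTBOUND = {("192.168.1.1", 53), (None, 80), (None, 443)}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+):"
)

def parse_line(line: str) -> Optional[dict]:
    """Extract timestamp and endpoints from one tcpdump line; None if no match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {"ts": m["ts"], "src": m["src"], "sport": int(m["sport"]),
            "dst": m["dst"], "dport": int(m["dport"])}

def flow_allowed(pkt: dict) -> bool:
    """An outbound packet is fine only if some baseline entry covers it."""
    return any(dst in (None, pkt["dst"]) and port == pkt["dport"]
               for dst, port in ALLOWED_OUTBOUND)

def find_unexpected(capture: str) -> list:
    """Return (timestamp, description) for traffic outside the baseline.
    Outbound: any flow not in ALLOWED_OUTBOUND.  Inbound: any new TCP
    connection attempt (SYN) to the host, which is expected to initiate,
    not to serve; a DNS reply to an allowed query is therefore not flagged."""
    findings = []
    for line in capture.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        if pkt["src"] == MONITORED_HOST and not flow_allowed(pkt):
            findings.append((pkt["ts"], f"unexpected outbound {pkt['dst']}:{pkt['dport']}"))
        elif pkt["dst"] == MONITORED_HOST and "Flags [S]" in line:
            findings.append((pkt["ts"], f"inbound connection attempt from "
                                        f"{pkt['src']}:{pkt['sport']} to port {pkt['dport']}"))
    return findings

if __name__ == "__main__":
    for ts, what in find_unexpected(SAMPLE_CAPTURE):
        print(ts, what)
```

On the sample capture this reports the outbound connection to port 6667 and the inbound attempt on port 22, while the DNS query, its reply and the HTTPS connection pass silently.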