On Mon, Sep 22, 2003 at 08:24:00PM -0400, Jason Dixon wrote:
It is for this reason that I'd like to suggest the following. Take
10 minutes to download, compile and run chkrootkit on your Linux
systems.
So there is a download chkrootkit vs. download Knoppix STD war
going on. And both have
On Tue, 2003-09-23 at 08:57, Kent Borg wrote:
On Mon, Sep 22, 2003 at 08:24:00PM -0400, Jason Dixon wrote:
It is for this reason that I'd like to suggest the following. Take
10 minutes to download, compile and run chkrootkit on your Linux
systems.
So there is a download chkrootkit vs.
On Tuesday, Sep 23, 2003, at 08:57 US/Eastern, Kent Borg wrote:
P.S. Did anyone point out that chkrootkit needs to be kept up to
date? It does.
Back in May, on the cobalt-security list, Michael Stauber of
solarspeed.net described a rootkit he'd found that completely evaded
chkrootkit 0.40...
On 22 Sep 2003, Jason Dixon wrote:
Everyone knows the Internet is a dangerous place. Folks who've been on
this list for a while have probably heard me harp about security by now.
If you have, then you know I'm a nut when it comes to protecting your
system - AND - protecting others FROM your
On Mon, 2003-09-22 at 20:28, Benjamin J. Weiss wrote:
I'd say don't download and compile chkrootkit. Instead, download the
knoppix security tools distribution (http://www.knoppix-std.org/), burn it
to a CD, then boot from it and *then* run chkrootkit, which is on the CD.
This way you will
On Tue, 2003-09-23 at 10:24, Jason Dixon wrote:
Everyone knows the Internet is a dangerous place. Folks who've been on
this list for a while have probably heard me harp about security by now.
If you have, then you know I'm a nut when it comes to protecting your
system - AND - protecting others
On 22 Sep 2003, Jason Dixon wrote:
On Mon, 2003-09-22 at 20:28, Benjamin J. Weiss wrote:
I'd say don't download and compile chkrootkit. Instead, download the
knoppix security tools distribution (http://www.knoppix-std.org/), burn it
to a CD, then boot from it and *then* run chkrootkit,
On Mon, 2003-09-22 at 20:42, Benjamin J. Weiss wrote:
On 22 Sep 2003, Jason Dixon wrote:
On Mon, 2003-09-22 at 20:28, Benjamin J. Weiss wrote:
I'd say don't download and compile chkrootkit. Instead, download the
knoppix security tools distribution (http://www.knoppix-std.org/), burn
However, many of us work and exist in environments where
carrying around a CD doesn't scale.
Not to mention the need to reboot every box to run off the CD and
then reboot again when done. Several days' work there.
My suggestion can be quickly and
easily performed on remote systems.
The
On Mon, 2003-09-22 at 21:10, Ian Mortimer wrote:
However, many of us work and exist in environments where
carrying around a CD doesn't scale.
Not to mention the need to reboot every box to run off the CD and
then reboot again when done. Several days' work there.
Yup. Not to mention
At 08:57 p.m. 22/09/2003 -0400, Jason Dixon wrote:
On Mon, 2003-09-22 at 20:42, Benjamin J. Weiss wrote:
[snippy snip]
Um...Jason...the CERT training that I went to stated (though I have not
verified it externally) that it is still possible to fool chkrootkit if
you are running it in a
At 09:17 p.m. 22/09/2003 -0400, you wrote:
On Mon, 2003-09-22 at 21:10, Ian Mortimer wrote:
However, many of us work and exist in environments where
carrying around a CD doesn't scale.
Not to mention the need to reboot every box to run off the CD and
then reboot again when done. Several
--
Jason Dixon, RHCE
*sigh* I guess RHCE doesn't delve into the security aspects then eh ?
Look, I never intended to start a flame war or anything.
There are times and places where each approach has its merits.
In my case, where I am a member of a military CERT, we have to be
absolutely
On Mon, 2003-09-22 at 21:30, Steve Phillips wrote:
At 08:57 p.m. 22/09/2003 -0400, Jason Dixon wrote:
On Mon, 2003-09-22 at 20:42, Benjamin J. Weiss wrote:
[snippy snip]
Um...Jason...the CERT training that I went to stated (though I have not
verified it externally) that it is still
At 08:41 p.m. 22/09/2003 -0500, you wrote:
--
Jason Dixon, RHCE
*sigh* I guess RHCE doesn't delve into the security aspects then eh ?
Look, I never intended to start a flame war or anything.
Actually, apologies - you are right there as well and I should probably
have worded my response in a
On Mon, 2003-09-22 at 21:36, Steve Phillips wrote:
At 09:17 p.m. 22/09/2003 -0400, you wrote:
Yup. Not to mention that rebooting is a red flag to hackers. The idea
here is to run diagnostics while trying to stay off their radar, else
you risk losing the evidence (and possibly your
On 22 Sep 2003 20:24:00 -0400, Jason Dixon wrote:
Everyone knows the Internet is a dangerous place. Folks who've been on
this list for a while have probably heard me harp about security by now.
If you have, then you know I'm a nut when it comes to