
RE: MD5 sums of individual files?



It is more than possible.  There are people that have figured out how to pad
a file to make the checksums the same.  They don't have to worry about the
fact that your checksums cannot be changed because they will fake theirs to
match.  This is much more work and would require that the hacker have more
skills than the regular script kiddie.

Pat Moffitt
MIS Administrator
Western Recreational Vehicles, Inc.


> -----Original Message-----
> From: Don Laursen [mailto:don@darkphoton.com]
> Sent: Thursday, March 29, 2001 10:40 AM
> To: debian-security@lists.debian.org
> Subject: RE: MD5 sums of individual files?
>
>
> Ok with that said, how feasible is it for a cracker to install their
> rootkit, and mimic the checksummed files to match the contents of the
> floppy? Wouldn't he/she just have to unmount the existing floppy drive,
> remount it to his/her pseudo check sums?
>
> I'm probably missing the howto detail where the alert is generated before
> rootkit is installed.
>
>
>
> Thanks,
> Don
>
>
> > Yes, sorry, I wasn't clear about that.  The floppy is mounted RO, plus
> > the disk's tab is moved to the RO position.  I agree... I wouldn't feel
> > comfortable or safe if the floppy was just mounted RO.
> >
>
> >> Another way to do this is to install the AIDE package, that performs a
> >> checksum to certain files that you specify in the configuration by the
> >> way tripwire does it... It's so easy to install and sends you an e-mail
> >> notifying the daily results
>
>
>
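
An added example, not part of the original thread: a check for the scenario raised above, where the checksum list itself is swapped for a forged one, by pinning a digest of the baseline that is kept away from the host. It uses SHA-256 plus file size rather than MD5; all names are hypothetical and an in-memory dict of constructed data stands in for the filesystem.

```python
import hashlib
import hmac

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def build_manifest(files: dict) -> bytes:
    """One 'sha256  size  path' line per file, sorted so the digest is stable."""
    lines = [f"{digest(body)}  {len(body)}  {path}"
             for path, body in sorted(files.items())]
    return ("\n".join(lines) + "\n").encode()

def verify(manifest: bytes, pinned_manifest_digest: str, files: dict) -> list:
    """Return a list of findings; an empty list means everything matched."""
    # Step 1: authenticate the baseline itself. A remounted medium carrying
    # forged checksums fails here, before any per-file comparison is trusted.
    if not hmac.compare_digest(digest(manifest), pinned_manifest_digest):
        return ["MANIFEST: digest differs from the pinned value, baseline not trusted"]
    findings, listed = [], set()
    # Step 2: compare every listed file by size and digest.
    for line in manifest.decode().splitlines():
        want_hash, want_size, path = line.split("  ", 2)
        listed.add(path)
        body = files.get(path)
        if body is None:
            findings.append(f"MISSING: {path}")
        elif len(body) != int(want_size) or digest(body) != want_hash:
            findings.append(f"CHANGED: {path}")
    # Step 3: report files present on the host but absent from the baseline.
    findings += [f"UNLISTED: {p}" for p in sorted(set(files) - listed)]
    return findings

# Constructed sample data (assumption: dict keys are paths, values file contents).
CLEAN = {"/bin/ls": b"original ls binary", "/bin/ps": b"original ps binary"}
BASELINE = build_manifest(CLEAN)
PINNED = digest(BASELINE)  # recorded off-host when the baseline was made

TAMPERED = dict(CLEAN, **{"/bin/ps": b"replaced ps binary"})
FORGED_BASELINE = build_manifest(TAMPERED)  # checksum list rebuilt to match

if __name__ == "__main__":
    print(verify(BASELINE, PINNED, CLEAN))             # clean host
    print(verify(BASELINE, PINNED, TAMPERED))          # file replaced
    print(verify(FORGED_BASELINE, PINNED, TAMPERED))   # baseline swapped too
```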


