On Thu, 2003-07-03 at 22:30, Mario Lopez wrote:
> In any case, if you have an LKM rootkit, you're done; it doesn't matter if
> you upload static, dynamic or whatever. Kernel rootkits are hard to
> find; not even lsmod or rmmod can help you, because it is quite easy to
> make a kernel module unloadable or even hidden. Some of you may be
> thinking that they are safe from those kinds of attacks because they
> have disabled kernel module support in their kernel. Well, they are
> wrong :). There is code, and nice white papers, explaining how to
> insert kernel code through /proc/kmem. If I am not wrong, Silvio
> Cesare developed this technique two or three years ago. Although it
> hasn't been exploited too much, you must be aware of its existence.
I don't have module support and I don't have /proc/kmem. Am I missing
something? Running 2.4.20.
Shri
--
------------------------------------------------------------------------
Shri Shrikumar U R Byte Solutions Tel: 0845 644 4745
I.T. Consultant Edinburgh, Scotland Mob: 0773 980 3499
Web: www.urbyte.com Email: shri@urbyte.com