Re: Debian audititing tool?
Sorry it was fornesics, but the code is basically matching the machine
code, a unique pattern of 1's and 0's to the machine code of the kernal.
Unless you have a kernal file that doesn't have 1's and 0's in machine
language, you can scan the code. I am not sure how ASM code is written
thou.
Dan
---- Christian Kurz <shorty@getuid.de> wrote:
> On 00-12-21 Dan Hutchinson wrote:
> > I would agree with your comments except the scan of the Linux Kernel.
>
> Thanks. :)
>
> > You can use computer fornesics to scan the kernal against familiar
> trojan
> > and virus patterns realitively quickly and at least identify problem
>
> Hm, you know that some parts are written in ASM and that you could
> also
> use ASM in some parts of the kernel to protect malicous code? How could
> a fornesics (Hm, do you mean forensic?) detect this asm-code and know
> that it is malicous?
>
> Ciao
> Christian
> --
> Ein "Nein" ausgesprochen mit der tiefsten Überzeugung ist besser
> und größer als ein "Ja" um zu gefallen oder noch schlimmer, um
> Schwierigkeiten zu umgehen.
> -- Mahatma Gandhi
>
>
> --
> To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
> with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
>
>
___________________________________________________________________
To get your own FREE ZDNet Onebox - FREE voicemail, email, and fax,
all in one place - sign up today at http://www.zdnetonebox.com
Reply to: