
Re: Debian auditing tool?

Sorry, it was forensics, but the code is basically matching the machine
code, a unique pattern of 1's and 0's to the machine code of the kernel.
Unless you have a kernel file that doesn't have 1's and 0's in machine
language, you can scan the code.  I am not sure how ASM code is written


---- Christian Kurz <shorty@getuid.de> wrote:
> On 00-12-21 Dan Hutchinson wrote:
> > I would agree with your comments except the scan of the Linux Kernel.
> Thanks. :)
> >  You can use computer fornesics to scan the kernel against familiar trojan
> > and virus patterns relatively quickly and at least identify problem
> Hm, you know that some parts are written in ASM and that you could also
> use ASM in some parts of the kernel to protect malicious code? How could
> a fornesics (Hm, do you mean forensic?) detect this asm-code and know
> that it is malicious?
> Ciao
>      Christian
> -- 
> A "No" spoken with the deepest conviction is better
> and greater than a "Yes" said to please or, even worse, to
> avoid difficulties.
>   -- Mahatma Gandhi
