Re: Debian auditing tool?

On Thu, Dec 21, 2000 at 03:37:56PM +0100, Christian Kurz wrote:

> Well, but then you need to know all patterns of malicious code that could
> occur. I think this will be a lot of patterns that you have to search
> for, so that the search will take a long time.
> > Unless you have a kernel file that doesn't have 1's and 0's in machine
> > language, you can scan the code.  I am not sure how ASM code is written
> > though.
> Well, ASM (assembler) comes also down to 1 and 0 if you think about
> machine-code that is used by the processor. I thought you wanted to scan
> the code that you find beneath /usr/src/linux.

I meant search for machine-code patterns.  Yes there are lots of them,
but string searching is fast.  This is exactly the same as M$ virus


|> |= -+- |= |>
|  |-  |  |- |\

Peter Eckersley
for techno-leftie inspiration, take a look at

Attachment: pgpfzZuf0YRRQ.pgp
Description: PGP signature