[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Debian audititing tool?

"Dan Hutchinson" <hutchinsond@zdnetonebox.com> writes:

> Sorry I miss read your response.
> Well you can get the source kernel and run it threw the fornesics program
> then compile it possible.
> Anyway it will help with open trojans and virus anyway.

There's a couple of things that could go wrong here:

 - gcc could be modified to include a backdoor in the kernel,
   something like the way described here:


 - The trojan could be a Linux kernel module that hides itself from
   any system calls that might detect it, substituting innocuous code,
   and different MD5 checksums.  You can easily find modules like this
   quite easily on the web.

	 Carey Evans  http://home.clear.net.nz/pages/c.evans/

  "May not be representative of the experience of actual customers."

Reply to: