RE: what is means ? + rootkits..

To: debian-security@lists.debian.org
Cc: <debian-security@lists.debian.org>
Subject: RE: what is means ? + rootkits..
From: "Jan Johansson" <jan.johansson@viking-telecom.com>
Date: Fri, 19 Apr 2002 14:47:08 +0200
Message-id: <[🔎] E823FA92099E6C4C854CE791DFA1A3D2B61745@got02.vikingtelecom.com>

> How to protect against rootkis ? 

Keep your system up to date, do not run unrelaibale software, do not give accounts to people you do not trust.

> Is it some kind of trojan 
> wich working
> with root priviledges ?

Basically, yes. It is typically a "kit" you drop on the system via a remote root exploit, which replaces binaries, and tries to mask itself.

> Why some people says that eg. tripwire doesn't discover it ?

Then they dont know what they are saying, i would say that Tripwire / AIDE / such will be 100% efficient in detecting kits _PROVIDING_ that your database is current, and is stored in a tamper-proof location... and ofcource you actually use and update teh IDS database.


--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

Reply to:

Follow-Ups:
- Re: what is means ? + rootkits..
  - From: Patrick Maheral <pmaheral@AAI.ca>
- RE: what is means ? + rootkits..
  - From: Eric LeBlanc <inouk@toutatis.igt.net>

Prev by Date: Re: what is means ? + rootkits..
Next by Date: Re: what is means ?
Previous by thread: RE: what is means ?
Next by thread: Re: what is means ? + rootkits..
Index(es):
- Date
- Thread