Re: DHCP - rootkit

To: debian-security@lists.debian.org
Subject: Re: DHCP - rootkit
From: Peter Cordes <peter@llama.nslug.ns.ca>
Date: Fri, 1 Nov 2002 18:41:43 -0400
Message-id: <[🔎] 20021101224143.GB20618@llama.nslug.ns.ca>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <Pine.LNX.3.96.1021029170158.2988A-100000@Maggie.Linux-Consulting.com>
References: <20021030002225.GI31030@morgul.net> <Pine.LNX.3.96.1021029170158.2988A-100000@Maggie.Linux-Consulting.com>

On Tue, Oct 29, 2002 at 05:10:12PM -0800, Alvin Oga wrote:
> am not as worried about the determined hacker/crackers that 
> can modify binaries such that md5sum matches my tripewire db and
> other security precautions (databases and baseline) of my servers

 MD5 is still believed to be secure.  i.e. Nobody can modify a binary so
that it has different contents but the same MD5 hash, unless they are _very_
_very_ lucky.  The task becomes even more difficult if you check the length
of the file as well as the hash.

-- 
#define X(x,y) x##y
Peter Cordes ;  e-mail: X(peter@llama.nslug. , ns.ca)

"The gods confound the man who first found out how to distinguish the hours!
 Confound him, too, who in this place set up a sundial, to cut and hack
 my day so wretchedly into small pieces!" -- Plautus, 200 BC

Reply to:

Follow-Ups:
- Re: DHCP - rootkit
  - From: Phillip Hofmeister <plhofmei@zionlth.org>

Next by Date: tiger reporting thousands of files with "undefined groups ownership"
Next by thread: Re: DHCP - rootkit
Index(es):
- Date
- Thread