On Wed, 5 Jan 2005, Gregory Boyce wrote:

> Without statically compiled programs for the script to run, how do you
> know you can trust the results? A number of rootkits will actually
> provide a trojaned md5sum that will just give you the results you're
> looking for rather than the real results for the modified binaries.
>
> chkrootkit (http://www.chkrootkit.org/) is designed to be compiled on a
> known good host, then copied to the system that you're not sure about.
> All programs used are statically compiled binaries protecting against this
> sort of thing.

That's a good point. I would suggest using both, though. Never was a castle built with only one means of defense. Any kind of rootkit detector is only going to be as good as its database of rootkits to detect, just like virus detectors. If you install both, you increase your odds.

----------------------------------------------------------------------------
DDDD   David Kramer    david at thekramers.net    http://thekramers.net
DK KD  One last warning: don't believe anything that you read in this
DKK D  document. Every effort has been made to ensure that this document
DK KD  is incomplete and inaccurate, and I take no responsibility for an
DDDD   glimmers of correct information that may, by some fluke, be here.
                                                   UW_IMAP documentation
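The exchange above depends on the checking tools really being statically linked before they are copied to the suspect system. As an added example (not part of the original thread and not chkrootkit's own code), this sketch can be run on the known-good build host to confirm that each toolkit binary has no `PT_INTERP` segment, meaning it does not request a dynamic loader. The function names and the sample ELF images are constructed for illustration.

```python
import struct
import sys

PT_INTERP = 3  # program header type that names the dynamic loader (ld.so)

def segment_types(image: bytes) -> list:
    """Return p_type for every program header of an ELF image."""
    if len(image) < 52 or image[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    end = {1: "<", 2: ">"}.get(image[5])             # EI_DATA: byte order
    if image[4] == 2 and end and len(image) >= 64:   # EI_CLASS: ELF64
        (phoff,) = struct.unpack_from(end + "Q", image, 32)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 54)
    elif image[4] == 1 and end:                      # EI_CLASS: ELF32
        (phoff,) = struct.unpack_from(end + "I", image, 28)
        phentsize, phnum = struct.unpack_from(end + "HH", image, 42)
    else:
        raise ValueError("bad or truncated ELF header")
    types = []
    for i in range(phnum):
        off = phoff + i * phentsize
        if off + 4 > len(image):
            raise ValueError("truncated program header table")
        types.append(struct.unpack_from(end + "I", image, off)[0])
    return types

def is_static(image: bytes) -> bool:
    """True when the executable asks for no dynamic loader (no PT_INTERP)."""
    return PT_INTERP not in segment_types(image)

def sample_elf64(p_types) -> bytes:
    """Constructed little-endian ELF64 image: header plus bare program headers."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    header = ident + struct.pack("<HHIQQQIHHHHHH", 2, 62, 1, 0, 64, 0, 0,
                                 64, 56, len(p_types), 0, 0, 0)
    return header + b"".join(struct.pack("<I", t) + bytes(52) for t in p_types)

if __name__ == "__main__":
    # Usage on the build host: python3 check_static.py ./toolkit/*
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            try:
                verdict = "static" if is_static(fh.read()) else "DYNAMIC"
            except ValueError as exc:
                verdict = f"skipped ({exc})"
        print(f"{path}: {verdict}")
```
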