Kernel-loadable Root Kits
From: Deepak Jain (deepak@ai.net)
Date: 09/08/01
From: "Deepak Jain" <deepak@ai.net>
To: <freebsd-security@freebsd.org>, "freebsd-hackers@FreeBSD. ORG" <freebsd-hackers@freebsd.org>
Date: Sat, 8 Sep 2001 05:43:41 -0400

Short question:
Is there a way to prevent the kernel from allowing loadable modules?
Thought process --
---

With the advent of the kernel-loadable root kit, intrusion detection has gotten a bit more complicated. Is there a _simple_ solution to detecting the presence of a kernel-based root kit once it is running?

Scenario: System is violated, Root kit is installed, Root kit [binaries] are deleted from the machine.

Solution: Reboot machine

How does one DETECT that the root kit is there in the first place to know to reboot it?

Thanks,

Deepak Jain
AiNET