Kernel-loadable Root Kits

From: Deepak Jain
Date: 09/08/01

From: "Deepak Jain" <>
To: <>, "freebsd-hackers@FreeBSD.ORG" <>
Date: Sat, 8 Sep 2001 05:43:41 -0400

Short question:

Is there a way to prevent the kernel from allowing loadable modules?

Thought process --

With the advent of the kernel-loadable root kit, intrusion detection has
gotten a bit more complicated. Is there a _simple_ solution to detecting the
presence of a kernel-based root kit once it is running?

System is violated,
Root kit is installed,
Root kit [binaries] are deleted from the machine.
Reboot machine

How does one DETECT that the root kit is there in the first place to know to
reboot it?

Deepak Jain