Re: Exploit or trojan
From: Konrad Rieck (kr_at_roqe.org)
To: Focus Sun <firstname.lastname@example.org> Date: Wed, 17 Dec 2003 20:32:02 +0100
On Tue, 2003-12-16 at 01:33, Felipe Franciosi wrote:
> I guess that in Solaris systems you can just reach for a new copy
> of 'ps' and use the 'clean' one to check everything out.
> Doing so on Linux systems doesn't help much, since recently there
> have been several kernel backdoors
Such kind of kernel backdoors (e.g. loadable kernel modules) are also
present for Solaris, *BSD and Windows systems. If you are unsure whether
someone has compromised your system, don't trust the system's kernel!
-- Konrad Rieck <email@example.com> ------------ http://people.roqe.org/kr Fingerprint - 5803 E58E D1BF 9A29 AFCA - 51B3 A725 EA18 ABA7 A6A3
- application/pgp-signature attachment: This is a digitally signed message part