Re: fun with posiden rootkit
From: Skip Carter (skip@taygeta.com)
Date: 03/25/02
- Previous message: Alvin Oga: "Re: fun with posiden rootkit"
- Maybe in reply to: Olaf Schreck: "fun with posiden rootkit"
- Next in thread: Dave Dittrich: "Re: fun with posiden rootkit"
- Reply: Dave Dittrich: "Re: fun with posiden rootkit"
To: Alvin Oga <alvin.sec@Mail.Linux-Consulting.com>
Date: Mon, 25 Mar 2002 14:48:10 -0800
From: Skip Carter <skip@taygeta.com>
> - sometimes checking failed script-kiddies can be entertaining if time
> permits to look around for any funny stuff
I had one incident that I investigated for a client recently.
It was the usual: gain entry, install rootkit, install password
scanner, etc. Except he did it in the wrong order, so that his
password scanner caught his own connection back to his rootkit
archive; so when I started my investigation I was able to log in
to his archive and pick up his entire stash of tools.
--
Dr. Everett (Skip) Carter
Taygeta Scientific Inc.
1340 Munras Ave., Suite 314
Monterey, CA. 93940
Phone: 831-641-0645 FAX: 831-641-0647
INTERNET: skip@taygeta.com
WWW: http://www.taygeta.com

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com