Re: root or openssh exploited?

From: Randy Ramsdell (me_at_somewhere.else)
Date: 03/28/04 

Date: Sat, 27 Mar 2004 19:38:27 -0500

Jem Berkes wrote:
>>I am not aware of any rootkit that would not trojan those programs first.
>
>
> You guys aren't understanding what I'm talking about. I'm saying run
> tcpdump on a DIFFERENT host, connected to the ethernet cable. It has its
> own filesystem, own memory, own processor -- there is nothing in common
> with your rooted box.
>

I got you, but kev asked about local progs. should have reiterated your
point instead.

Relevant Pages

  • Re: VM Rootkits: The Next Big Threat? (PC Magazine)
    ... Such close relationships with hardware allow the OS to be ... they were trojan backdoored unix binary executables offering ... remote root access to the attacker that installed them. ... actual hardware and the so-called "rootkit" act as the platform for it. ...
    (alt.comp.anti-virus)
  • Re: Using only XPs firewall saves resources
    ... >> But what if you have a trojan and rootkit on your system, ... By the time you get around to scanning with those things, your private ...
    (comp.security.firewalls)
  • Re: Sony DRM Rootkit
    ... > Sony, Rootkits and Digital Rights Management Gone Too Far ... "The Register reports on the first trojan using Sony's DRM rootkit. ... reputable business magazing requesting that the businessperson verify ...
    (alt.computer.security)
  • Rootkit or trojan
    ... Okay I am wondering if anyone has seen a rootkit or trojan with the ... /usr/bin/xntpx was created this program seems to be some icmp utility, ...
    (Incidents)
  • Re: root or openssh exploited?
    ... > I am not aware of any rootkit that would not trojan those programs first. ... You guys aren't understanding what I'm talking about. ... I'm saying run ... tcpdump on a DIFFERENT host, ...
    (comp.os.linux.security)