Understanding Rootkits

  1. #1
    JimH
    Guest

    Understanding Rootkits

    I posted this to the news page, but I thought I would also post it here.

    Quote:
    A rootkit is a collection of tools an intruder brings along to a victim computer after gaining initial access. A rootkit generally contains network sniffers, log-cleaning scripts, and trojaned replacements of core system utilities such as ps, netstat, ifconfig, and killall. Although the intruders still need to break into a victim system before they can install their rootkits, the ease-of-use and the amount of destruction they cause make rootkits a big threat for system administrators.

    Looks like it might be an interesting series.

    Jim H

    http://linux.oreillynet.com/pub/a/li...kit.html
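
    The quoted article describes rootkits that trojan ps, netstat and friends so the intruder's processes disappear from the listing. The block below is an added example, not code from the thread or the linked article: it cross-checks what a possibly trojaned ps reports against the kernel's own view in /proc. A user-land replacement for ps cannot edit /proc, so a PID present there but absent from ps output is a lead. The sample ps output and /proc listing are constructed, and PID 4242 is the invented hidden process. Caveat a practitioner will want: a kernel-level rootkit that hooks the directory-listing syscalls hides from both sides of this comparison, so the check covers only the trojaned-utility class of rootkit the article talks about.

```python
"""Cross-check the process list from a possibly trojaned `ps` against /proc.

A user-land rootkit that swaps /bin/ps for a copy that drops the intruder's
processes cannot alter what the kernel exposes in /proc, so any PID present
in /proc but missing from ps output deserves a look.  A kernel-level rootkit
hooking getdents hides from both, so this only covers trojaned utilities.
"""
import os
import subprocess
from typing import Iterable, Optional, Set

# Constructed sample: `ps -eo pid,comm` output from a host where a trojaned
# ps silently omits the intruder's sniffer, running as PID 4242.
SAMPLE_PS_OUTPUT = """\
  PID COMMAND
    1 init
  317 syslogd
  842 sshd
 1130 bash
"""

# Constructed sample: the same host's /proc directory listing.  Numeric
# names are PIDs; the rest are kernel files, which the parser must skip.
SAMPLE_PROC_LISTING = ["1", "317", "842", "1130", "4242",
                       "cpuinfo", "net", "self", "sys"]


def parse_ps_pids(ps_output: str) -> Set[int]:
    """PIDs listed in `ps -eo pid,comm` text (the header line is skipped)."""
    pids = set()
    for line in ps_output.splitlines():
        fields = line.split(None, 1)
        if fields and fields[0].isdigit():
            pids.add(int(fields[0]))
    return pids


def parse_proc_pids(proc_entries: Iterable[str]) -> Set[int]:
    """PIDs from a /proc listing: only purely numeric entry names count."""
    return {int(name) for name in proc_entries if name.isdigit()}


def hidden_pids(proc_pids: Set[int], ps_pids: Set[int]) -> Set[int]:
    """PIDs the kernel exposes that ps did not report.

    Processes that exit between the /proc snapshot and the ps run also land
    here, so on a live host each suspect is re-checked with still_alive().
    """
    return proc_pids - ps_pids


def still_alive(pid: int) -> bool:
    """Re-probe a suspect PID: signal 0 delivers nothing but tests existence."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False          # exited between the two snapshots: not hidden
    except PermissionError:
        return True           # exists, owned by another user
    return True


def live_check() -> Set[int]:
    """Run the comparison on this host (needs a procps-style `ps`)."""
    proc_pids = parse_proc_pids(os.listdir("/proc"))
    ps_out = subprocess.run(["ps", "-eo", "pid,comm"], capture_output=True,
                            text=True, check=True).stdout
    suspects = hidden_pids(proc_pids, parse_ps_pids(ps_out))
    return {pid for pid in suspects if still_alive(pid)}


if __name__ == "__main__":
    sample = hidden_pids(parse_proc_pids(SAMPLE_PROC_LISTING),
                         parse_ps_pids(SAMPLE_PS_OUTPUT))
    print("hidden in constructed sample:", sorted(sample))   # [4242]
    print("hidden on this host:", sorted(live_check()))
```

    Running it on a clean host should print an empty list for the live check; a PID that survives the still_alive() re-probe but never shows up in ps is worth inspecting via /proc/PID/exe and /proc/PID/cmdline, which the trojaned ps cannot touch either.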

  2. #2
    Aaron_Adams
    Guest

    Re: Understanding Rootkits

    I read this as well. I ended up e-mailing the writer about how a switched network is actually not effective in preventing packet sniffing. He said he might change the article or remember that to use in other articles.

    It's a worthwhile read!

  3. #3

    Re: Understanding Rootkits

    Quote:
    I read this as well. I ended up e-mailing the writer about how a switched network is actually not effective in preventing packet sniffing. He said he might change the article or remember that to use in other articles.

    It's a worthwhile read!

    Just a security guru now, aren't we?

    Aragorn
    If you give a man a fire he'll be warm, if you light the man on fire he'll be warm for life.

  4. #4
    Aaron_Adams
    Guest

    Re: Understanding Rootkits

    I wish!

    I seem to pick up some fancy tidbits here and there that others aren't aware of, but I'm still a newbie!

  5. #5
    JimH
    Guest

    Re: Understanding Rootkits

    Quote:
    I wish!

    I seem to pick up some fancy tidbits here and there that others aren't aware of, but I'm still a newbie!

    What kind of "fancy tidbits" have you picked up? ???

    Jim H

  6. #6
    Aaron_Adams
    Guest

    Re: Understanding Rootkits

    Most of them probably aren't so fancy to someone that's been using linux for a long time or been doing security for any length of time.

    Sniffing a switched network seems to be something that a lot of people don't understand, nor think is possible. It involves ARP spoofing and ARP cache poisoning essentially. I can explain it if anyone wants.

    There is a little trick, my friend and I figured out, with netcat that can be used along with rootkits that is quite interesting. Essentially it allows you to install one tool (netcat) on an infected computer and accomplish a connection back to your computer that doesn't require a daemon running like telnet or ssh, because you pipe a listening netcat command through a netcat connect command, that connects to a listening netcat on the attacker box. If that makes sense... I've never tested it against logging to see the results, but I plan to do it here in the next couple of days. Once I test it completely I'll explain more about it.

    I'm sure you know about rooting a system if you have access to rebooting it?

    I've fiddled with quite a few SetUID problems that involved some nifty tricks, like trojaning the programs and race conditions and such.

    I've written my own shellcodes/eggs for buffer overflows before; they helped me understand some interesting concepts that some people don't understand. Sadly I forgot to back them up, so I'm going to try and get back into it as soon as I finish up my LFS box.

    Most of the stuff I've done I suppose isn't fancy to someone that does security regularly, but a lot of people I meet that use linux and aren't so interested in the security side are surprised with some stuff. I tried to think of some more actual "neat" things I know, but they often just come to mind as I'm doing other stuff.

  7. #7
    Semp
    Guest

    Re: Understanding Rootkits

    It's possible to sniff on many switched LANs (ARP Poisoning, etc.). I found this article to be of use a while back and thought I would post it here, too

    http://www.sans.org/newlook/resource...ed_network.htm
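
    Posts #2, #6 and #7 all make the same point: a switch does not stop sniffing, because ARP cache poisoning makes the victim send its traffic to the attacker in the first place. The block below is an added example, not code from the thread or from the linked articles. It shows the forged ARP reply at byte level (the attacker claiming the gateway's IP for its own MAC) and the matching detection logic: track which MAC each IP claims in ARP replies and report when a later reply disagrees, which is the "flip flop" check arpwatch performs. All hosts, IPs and MACs are constructed for the example; the gateway and attacker addresses are placeholders.

```python
"""Forged ARP reply behind 'sniffing on a switched network', and the check
that catches it.

A switch forwards a unicast frame only out the port where it learned the
destination MAC, so promiscuous mode alone sees other hosts' traffic no
longer.  The attacker instead sends the victim an unsolicited ARP reply
claiming the gateway's IP for the attacker's MAC.  ARP has no
authentication and most stacks update their cache on any reply, so the
victim then addresses gateway-bound frames to the attacker, who forwards
them (with the gateway poisoned symmetrically) and reads everything.
All addresses below are constructed for this example.
"""
import struct
from typing import Dict, NamedTuple, Optional

ETH_P_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2
FRAME_LEN = 14 + 28      # Ethernet II header + ARP payload (IPv4 over Ethernet)

VICTIM_IP, VICTIM_MAC = "192.168.1.10", "aa:bb:cc:00:00:10"
GATEWAY_IP, GATEWAY_MAC = "192.168.1.1", "aa:bb:cc:00:00:01"
ATTACKER_MAC = "de:ad:be:ef:00:99"


class ArpFrame(NamedTuple):
    opcode: int
    sender_mac: str
    sender_ip: str
    target_mac: str
    target_ip: str


def _mac(s: str) -> bytes:
    return bytes.fromhex(s.replace(":", ""))


def _ip(s: str) -> bytes:
    return bytes(int(octet) for octet in s.split("."))


def build_arp_reply(sender_ip: str, sender_mac: str,
                    target_ip: str, target_mac: str) -> bytes:
    """Ethernet frame carrying the ARP reply 'sender_ip is at sender_mac'.

    The poisoning frame is exactly this with sender_ip = GATEWAY_IP and
    sender_mac = ATTACKER_MAC, addressed to the victim.
    """
    eth = _mac(target_mac) + _mac(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REPLY)
    arp += _mac(sender_mac) + _ip(sender_ip) + _mac(target_mac) + _ip(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> Optional[ArpFrame]:
    """Decode an IPv4-over-Ethernet ARP frame; None for anything else."""
    if len(frame) < FRAME_LEN or frame[12:14] != struct.pack("!H", ETH_P_ARP):
        return None
    htype, ptype, hlen, plen, opcode = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    mac = lambda b: ":".join("%02x" % x for x in b)
    ip = lambda b: ".".join(str(x) for x in b)
    return ArpFrame(opcode, mac(frame[22:28]), ip(frame[28:32]),
                    mac(frame[32:38]), ip(frame[38:42]))


class ArpWatcher:
    """Track IP-to-MAC claims in ARP replies and report when one changes.

    Works from a monitor port and does not depend on the victim's cache.
    The first mapping seen is trusted, so seed `known` from a good list (at
    least the gateway) rather than from whatever is on the wire at start.
    """

    def __init__(self, known: Optional[Dict[str, str]] = None):
        self.table: Dict[str, str] = dict(known or {})

    def observe(self, frame: bytes) -> Optional[str]:
        arp = parse_arp(frame)
        if arp is None or arp.opcode != ARP_REPLY:
            return None
        known = self.table.setdefault(arp.sender_ip, arp.sender_mac)
        if known != arp.sender_mac:
            return ("ARP conflict: %s was %s, now claimed by %s"
                    % (arp.sender_ip, known, arp.sender_mac))
        return None


if __name__ == "__main__":
    watcher = ArpWatcher(known={GATEWAY_IP: GATEWAY_MAC})
    legit = build_arp_reply(GATEWAY_IP, GATEWAY_MAC, VICTIM_IP, VICTIM_MAC)
    poison = build_arp_reply(GATEWAY_IP, ATTACKER_MAC, VICTIM_IP, VICTIM_MAC)
    print(parse_arp(poison))
    print(watcher.observe(legit))    # None
    print(watcher.observe(poison))   # ARP conflict: 192.168.1.1 was aa:bb:cc:00:00:01, now claimed by de:ad:be:ef:00:99
```

    The watcher only detects the attack; the countermeasures a switched network actually needs are static ARP entries for critical hosts (the gateway at minimum) or a switch feature that validates ARP against DHCP snooping, since nothing in ARP itself lets a host reject the forged reply.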

  8. #8
    JimH
    Guest

    Re: Understanding Rootkits

    That's a cool article, thanks for posting it, Semp. And welcome to GLO. ;D

    Jim H
