IDS mailing list archives
Re: rootkit and trojan hunting
From: "\"Zow\" Terry Brugger" <zow () acm org>
Date: Wed, 26 Mar 2008 11:34:33 -0700
> I am developing a small host integrity scanner / checker, to hunt rootkits and trojans. Of course, I need to add more methods / techniques to detect. I am currently hashing out important files like kernel, /boot dir and System.map files. Is there any other possible way to code it better and any other suggestion would be really helpful in my coding.
Don't reinvent the wheel -- just use Tripwire. http://sourceforge.net/projects/tripwire/ for the open source version, or http://www.tripwire.com/products/ for the commercial version if you need something beefier. Based on what you've said in your message, it sounds like the open source version will work just fine.

Cheers,
Terry
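A sketch of the baseline-and-compare check the question describes (hash the files, then re-check them later), added here as an illustration; it is not code from either poster or from Tripwire. It goes beyond the hashing mentioned in the thread by also recording mode and owner, and the function names and the sample tree standing in for /boot are constructed for the example.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def snapshot(root):
    """Map each regular file under root to (sha256, mode bits, uid, gid)."""
    seen = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)  # lstat: never follow a symlink out of the tree
            if not stat.S_ISREG(st.st_mode):
                continue
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            meta = (stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
            seen[os.path.relpath(path, root)] = (digest.hexdigest(),) + meta
    return seen

def compare(baseline, current):
    """Classify differences; 'metadata' means same bytes, different mode/owner."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "content": sorted(p for p in common if baseline[p][0] != current[p][0]),
        "metadata": sorted(p for p in common if baseline[p][0] == current[p][0]
                           and baseline[p][1:] != current[p][1:]),
    }

def demo():
    """Baseline a constructed directory, change it four ways, then re-check."""
    files = {"vmlinuz": b"kernel", "System.map": b"T _text\n", "grub.cfg": b"default=0\n"}
    with tempfile.TemporaryDirectory() as root:
        for name, data in files.items():
            Path(root, name).write_bytes(data)
            os.chmod(Path(root, name), 0o644)
        baseline = snapshot(root)
        Path(root, "vmlinuz").write_bytes(files["vmlinuz"] + b"\x90")  # content
        os.chmod(Path(root, "grub.cfg"), 0o666)                        # permissions
        os.remove(Path(root, "System.map"))                            # removal
        Path(root, "extra.ko").write_bytes(b"new file")                # addition
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())
```

Keep the baseline off the host and run the comparison from trusted media: a kernel-level rootkit can falsify what a scanner running on the compromised system reads.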