Full Disclosure mailing list archives
RE: Linux (in)security
From: Feher Tamas <etomcat () freemail hu>
Date: Mon, 27 Oct 2003 12:20:36 +0100 (CET)
Hello,
I can determine when a Windows box has been owned easily. How do you determine if you have a KLM on your Linux box?
On both occasions, you need to shut down the computer and boot it from an alternative source (like CD-ROM with MS-DOS), then load drivers for the file system (NTFS, EXT2, ReiserFS, etc.) and then run a virus scanner. Or just relocate the suspect hard drive into another known clean machine and perform virus scanning with your favourite Windows/Unix antivirus software.

It is a fact of life that certain sophisticated Windows and Un*x root kits cannot be detected in runtime any more after they were installed. You must shut down the OS and investigate using an external standpoint, that is an alternative OS boot. (*)

Here is an article about sophisticated Windows Rootkits, they are now truly on par with their Un*x counterparts:
http://www.securityfocus.com/news/2879

Sincerely: Tamas Feher.

(*) PS: It should be noted that some true server machines, like the IBM AS/400 have alternative boot path support by factory default. Un*x and Windows have a long way to go regarding reliability and security measures before they can catch IBM's monsters.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
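The "external standpoint" argument in the message above can be made concrete with a cross-view comparison, which goes one step beyond running a virus scanner: record what the running system reports, then compare it with what the same disk shows from a clean boot. This is an added example, not part of the original message; the function names and the two temporary trees standing in for the live and offline views are constructed for illustration.

```python
import hashlib
import os
import tempfile

def manifest(root):
    """Map each regular file under root (relative path) to its SHA-256."""
    result = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.islink(full) or not os.path.isfile(full):
                continue  # skip symlinks and device nodes
            digest = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            result[os.path.relpath(full, root)] = digest.hexdigest()
    return result

def cross_view(live, offline):
    """Compare the running system's view with the clean-boot view."""
    hidden = sorted(p for p in offline if p not in live)
    modified = sorted(p for p in offline if p in live and live[p] != offline[p])
    return {"hidden_at_runtime": hidden, "content_differs": modified}

def demo():
    """Constructed sample: two temp trees stand in for the two views."""
    with tempfile.TemporaryDirectory() as live_root, \
         tempfile.TemporaryDirectory() as offline_root:
        def put(root, rel, data):
            path = os.path.join(root, rel)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        for root in (live_root, offline_root):
            put(root, "bin/ls", b"original ls")
            put(root, "etc/passwd", b"root:x:0:0")
        # Offline view only: a file the running system never listed.
        put(offline_root, "lib/modules/hidden.o", b"constructed placeholder")
        # The running system served one set of bytes; the disk holds another.
        put(offline_root, "bin/ps", b"replaced ps")
        put(live_root, "bin/ps", b"original ps")
        return cross_view(manifest(live_root), manifest(offline_root))

if __name__ == "__main__":
    print(demo())
```

In practice the live manifest is captured on the suspect system before shutdown and the offline manifest from the read-only mounted disk after booting clean media; files that legitimately change in between (logs, spool files) will also appear under `content_differs` and need to be filtered by path.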