Honeypots mailing list archives

Re: Kernel-level Rootkits


From: <mike () honeynet org>
Date: Mon, 9 Dec 2002 09:32:52 -0500 (EST)

Edward,

Check out Sebek,

http://www.honeynet.org/papers/honeynet/tools/sebek-0.4.tar.gz

It's an LKM that monitors keystrokes and has supporting software to get the
keystrokes off of the honeypot.

Mike

Hello everyone.

A question concerning Kernel-level rootkits.

Has anyone used a kernel-level rootkit (i.e. Knark, Adore, KIS) in a
honeypot implementation?

It would appear to have a few advantages, but only in the hands of
someone who knew how to use it correctly.

If anybody has experimented with kernel-level rootkits, I would be
interested in your results, as I am considering using a rootkit (after I
learn how it works of course) in a honeypot of my own.

Regards,

Edward W. Ray
