Vulnerability Development mailing list archives
Re: The much popular t0rnkit.
From: Masial <masial () SECURED ORG>
Date: Mon, 18 Sep 2000 12:28:11 -0400
Greetings Erik,
-----Original Message----- From: Erik Tayler First of all, it is quite doubtful that CERT would serve as a suppository for rootkits. Second, a previous poster offered to send the kit out to anyone who asked for it, check the archives. But since you sound like you haven't already tried such a thing, I'll help you out.
I guess I was asking for this kind of 'flamish' with the tone of my original message. While you might think that by the way i sound, I'm one lazy bastard (and i sure am sometimes), I did good research on this. For some reason however, the securityfocus search engine did not return anything interesting from an "Entire Site" search on 't0rn'. Might be because I used a zero. Numerous people have pointed me towards the incidents list and i indeed found the kit at jonathan's link. Secondly, I'm going to be as bold as ask 'why not' to CERT serving as a 'suppository' (typo there?) for rootkits. This was the whole point of my semi-rant. Why not? Why wont anybody archive rootkits so us admins can examine them and draw conclusions from them or learn to recognise typical behaviour patterns and expect/prevent them more efficiently. What happened to something called 'full disclosure'? How would the lock makers make better locks if they cant take a peek at what tools are used to pick their locks? [insert full disclosure arguments here]
If the kit isn't on the web, consider contacting John (sorry John).
I'm not exactly sure why you apologise to John there. Thank you very much for taking the time to helping me out! M. PS: I am not sure either why you CCd the list but I returned the courtesy.
Current thread:
- Re: The much popular t0rnkit. Masial (Sep 19)
- Re: The much popular t0rnkit. Erik Tayler (Sep 19)
- Re: The much popular t0rnkit. terry white (Sep 22)
- Re: The much popular t0rnkit. Jonathan James (Sep 24)
- Re: The much popular t0rnkit. terry white (Sep 22)
- <Possible follow-ups>
- Re: The much popular t0rnkit. despot (Sep 19)
- Re: The much popular t0rnkit. Erik Tayler (Sep 19)