On Fri, 2003-07-04 at 15:44, Thomas Lamy wrote:
> Shri Shrikumar:
> > On Thu, 2003-07-03 at 22:30, Mario Lopez wrote:
> > > In any case if you have an LKM rootkit, you're done, doesn't matter if
> > > you upload static, dynamic or whatever, kernel rootkits are hard to
> > > find, not even lsmod, rmmod can help you because it is quite easy to
> > > make a kernel module unloadable or even hidden, some of you may be
> > > thinking that they are safe from those kinds of attacks because they
> > > have disabled kernel module support in their kernel, well they are
> > > wrong :), there is code, and nice white papers explaining how to
> > > insert kernel code through /proc/kmem, if I am not wrong Silvio
> > > Cesare developed this technique two or three years ago, although it
> > > hasn't been exploited too much you must be aware of its existence.
> >
> > I don't have module support and I don't have /proc/kmem. Am I missing
> > something? Running 2.4.20.
> >
> I'm sure he meant /dev/kmem

Ok, I have that file. Can anyone point me in the direction of something
I can do to make it more difficult to exploit this.

Shri

--
------------------------------------------------------------------------
Shri Shrikumar       U R Byte Solutions       Tel: 0845 644 4745
I.T. Consultant      Edinburgh, Scotland      Mob: 0773 980 3499
Web: www.urbyte.com  Email: [EMAIL PROTECTED]
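
Added example, not part of the original thread or any poster's code: a small audit of the two things the thread turns on, namely whether /dev/kmem exists and which accounts can open it, and whether the running kernel has loadable-module support. It reports exposure to non-root accounts only, since a process that already runs as root can open the node whatever its mode. Assumptions: GNU coreutils `stat -c`, and the function names, which are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): report who can reach /dev/kmem.
# Assumes GNU coreutils `stat -c`; function names are hypothetical.

# classify_node TYPE MODE OWNER -> prints one verdict word
#   TYPE as printed by `stat -c %F`, MODE by `stat -c %a`, OWNER by `stat -c %U`
classify_node() {
    ftype=$1; mode=$2; owner=$3
    if [ "$ftype" != "character special file" ]; then
        echo "not-a-device"; return 0
    fi
    padded="000$mode"
    perms=${padded#"${padded%???}"}   # last three octal digits: user/group/other
    g=${perms#?}; g=${g%?}            # group digit
    o=${perms#??}                     # other digit
    if   [ "$o" -ne 0 ];         then echo "world-accessible"
    elif [ "$owner" != "root" ]; then echo "non-root-owner"
    elif [ $((g & 2)) -ne 0 ];   then echo "group-writable"
    elif [ "$g" -ne 0 ];         then echo "group-readable"
    else
        # Best result a mode check can give: only uid 0 can open the node.
        echo "root-only"
    fi
}

# module_support [PROC_DIR] -> "enabled" if PROC_DIR/modules exists.
# /proc/modules is present only on kernels built with module support.
module_support() {
    if [ -e "${1:-/proc}/modules" ]; then echo "enabled"; else echo "disabled"; fi
}

# audit_kmem [NODE] [PROC_DIR] -> one summary line
audit_kmem() {
    node=${1:-/dev/kmem}
    if [ ! -e "$node" ]; then
        verdict="absent"
    else
        verdict=$(classify_node "$(stat -c %F "$node")" \
                                "$(stat -c %a "$node")" "$(stat -c %U "$node")")
    fi
    echo "$node: $verdict; module support: $(module_support "${2:-/proc}")"
}

audit_kmem
```

Any verdict other than "root-only" or "absent" means an account besides root can read or write kernel memory through the node.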