It is more than possible. There are people that have figured out how to pad a file to make the checksums the same. They don't have to worry about the fact that your checksums cannot be changed because they will fake theirs to match. This is much more work and would require that the hacker have more skills than the regular script kiddy.
Pat Moffitt
MIS Administrator
Western Recreational Vehicles, Inc.

> -----Original Message-----
> From: Don Laursen [mailto:[EMAIL PROTECTED]
> Sent: Thursday, March 29, 2001 10:40 AM
> To: debian-security@lists.debian.org
> Subject: RE: MD5 sums of individual files?
>
> Ok with that said, how feasible is it for a cracker to install their
> rootkit, and mimic the checksummed files to match the contents of the
> floppy? Wouldn't he/she just have to unmount the existing floppy drive,
> remount it to his/her pseudo check sums?
>
> I'm probably missing the howto detail where the alert is generated before
> rootkit is installed.
>
> Thanks,
> Don
>
> > Yes, sorry, I wasn't clear about that. The floppy is mounted RO, plus
> > the disk's tab is moved to the RO position. I agree... I wouldn't feel
> > comfortable or safe if the floppy was just mounted RO.
> >
> > >> Another way to do this is to install the AIDE package, that performs a
> > >> checksum to certain files that you specify in the configuration by the
> > >> way tripwire do it... It's so easy to install and send you an e-mail
> > >> notifying the daily results
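
An added example, not part of the original thread and not AIDE's or tripwire's code: a baseline check in which each file is recorded with its size and two independent digests, so a file padded to match one checksum still has to match the other digest and the size, and the manifest itself is compared against a SHA-256 value assumed to be kept off the host, which is what flags a substituted baseline. The function names, manifest layout and sample files are hypothetical and constructed for the example.

```python
import hashlib, hmac, os, tempfile

def digests(path):
    """Return (size, md5 hex, sha256 hex) for one file, read in chunks."""
    md5, sha, size = hashlib.md5(), hashlib.sha256(), 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            size += len(chunk)
            md5.update(chunk)
            sha.update(chunk)
    return size, md5.hexdigest(), sha.hexdigest()

def build_manifest(paths):
    """One 'size md5 sha256 path' line per file, sorted for a stable digest."""
    return "".join("%d %s %s %s\n" % (*digests(p), p) for p in sorted(paths))

def verify(manifest_text, pinned_sha256):
    """Return a list of findings; an empty list means everything matched."""
    actual = hashlib.sha256(manifest_text.encode()).hexdigest()
    if not hmac.compare_digest(actual, pinned_sha256):
        # The baseline itself differs from the copy pinned off-host.
        return ["MANIFEST: does not match pinned digest"]
    findings = []
    for line in manifest_text.splitlines():
        size, md5, sha, path = line.split(" ", 3)
        if not os.path.isfile(path):
            findings.append("MISSING: " + path)
        elif digests(path) != (int(size), md5, sha):
            findings.append("CHANGED: " + path)
    return findings

def demo():
    """Constructed sample: baseline two files, alter one, then swap the manifest."""
    d = tempfile.mkdtemp()
    a, b = os.path.join(d, "ls"), os.path.join(d, "ps")
    for p, data in ((a, b"original ls\n"), (b, b"original ps\n")):
        with open(p, "wb") as fh:
            fh.write(data)
    manifest = build_manifest([a, b])
    pinned = hashlib.sha256(manifest.encode()).hexdigest()  # assumed stored off-host
    clean = verify(manifest, pinned)
    with open(a, "wb") as fh:
        fh.write(b"trojaned ls\n")            # same length, different content
    tampered = verify(manifest, pinned)       # original manifest still in place
    swapped = verify(build_manifest([a, b]), pinned)  # regenerated manifest
    return clean, tampered, swapped

if __name__ == "__main__":
    print(demo())
```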