[Dailydave] Detect prrf rootkit?
From: Jin San (jinsan07 gmail.com)
Date: Wed Nov 29 2006 - 23:48:24 CST
Hi,
Could anybody tell me which tool can be used to detect the prrf rootkit (Phrack 58)?
Of course the vanilla prrf is easy to detect, as they did not try to
hide the kernel module. But suppose that somebody modifies the code,
and successfully hides the LKM (I know there are some good ways to do
that), how can we detect prrf?
As far as I know, only the EPA (Phrack 59) tool is able to detect prrf.
However, EPA does not work very reliably.
This rootkit is pretty old, but it seems there is no good method to
detect this kind of rootkit?
Thanks,
Jin