OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Deepak Jain (deepakai.net)
Date: Sat Sep 08 2001 - 04:43:41 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Short question:

    Is there a way to prevent the kernel from allowing loadable modules?

    Thought process -- 

    ---

    With the advent of the kernel-loadable root kit, intrusion detection has
gotten a bit more complicated. Is there a _simple_ solution to detecting the
presence of a kernel-based root kit once it is running?

    Scenario:

    System is violated,
Root kit is installed,
Root kit [binaries] are deleted from the machine.

    Solution:

    Reboot machine

    How does one DETECT that the root kit is there in the first place to know to
reboot it?

    Thanks,

    Deepak Jain
AiNET

    To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message