From: Gommers, Joep (JGommers gfo.nl)
Date: Thu Apr 11 2002 - 09:01:51 CDT
That will not be of much use :)
If a hacker compromised your machine, she most likely will install a
rootkit containing her own trojaned ps, ls, lsof, netstat etc., so
modifying a ps binary will not be of any help.
Look at www.phrack.org for 'kernel hacking', a perfect explanation of
hiding processes from within the kernel.
Cheers, joep
Most rootkits have trojanised ps's. I've seen several that use a
config file where you can define what expressions (names, PIDs, etc.)
you want to hide. Of course you still have to deal with top, lsof,
netstat, etc.
Fernando
> I'm building a honeynet, and I'm using Modules Syslog,
> but its daemon shows up in the process list (ps).
> I'd like to hide this process; could anyone
> give any information?
>
> Tnx
>
> Thiago Mello
>
>
>
>
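Added example, not part of the original thread: a cross-view check that surfaces the name/PID filtering by a trojaned ps described above, by comparing a saved ps listing with the PIDs visible under /proc. The function name `hidden_pids`, the `--live` switch and the Linux /proc layout are assumptions made for this sketch.

```shell
#!/bin/sh
# Cross-view check for a userland process hider (a trojaned ps that filters
# by name or PID). Assumes a Linux-style /proc with one numeric directory per
# process. Limits: a kernel-level hider filters /proc as well, so an empty
# result proves nothing, and a process started after the ps snapshot shows up
# as a false positive. Re-run to confirm, ideally with tools from trusted media.

# hidden_pids PROC_DIR PS_FILE
#   PROC_DIR  directory to enumerate (normally /proc)
#   PS_FILE   saved output of the suspect ps, PID in the first column
# Prints every PID that has a directory in PROC_DIR but is absent from PS_FILE.
hidden_pids() {
    proc_dir=$1
    ps_file=$2
    for entry in "$proc_dir"/[0-9]*; do
        pid=${entry##*/}
        # Keep purely numeric names only (skips e.g. "13abc").
        case $pid in *[!0-9]*) continue ;; esac
        [ -d "$entry" ] || continue
        # Whole-field comparison on column 1, so PID 133 never matches 1337
        # and a "PID" header line is ignored.
        awk -v p="$pid" '$1 == p { found = 1 } END { exit !found }' \
            "$ps_file" && continue
        printf '%s\n' "$pid"
    done
    return 0
}

# Live use: ./crossview.sh --live
# Snapshots the local ps first, then walks /proc from this shell only.
if [ "${1:-}" = "--live" ]; then
    snap=$(mktemp) || exit 1
    ps -e -o pid= > "$snap"
    hidden_pids /proc "$snap"
    rm -f "$snap"
fi
```

Any PID it prints is worth inspecting through /proc/PID/exe and /proc/PID/cmdline rather than through the ps binary under suspicion.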