Re: Exploit or trojan

From: Konrad Rieck (krroqe.org)
Date: Wed Dec 17 2003 - 13:32:02 CST


On Tue, 2003-12-16 at 01:33, Felipe Franciosi wrote:
> I guess that in Solaris systems you can just reach for a new copy
> of 'ps' and use the 'clean' one to check everything out.
> [...]
> Doing so on Linux systems doesn't help much, since recently there
> have been several kernel backdoors
> [...]

Oops.

Kernel backdoors of this kind (e.g. loadable kernel modules) are also
present for Solaris, *BSD and Windows systems. If you are unsure whether
someone has compromised your system, don't trust the system's kernel!

Regards,
Konrad
--
Konrad Rieck <krroqe.org> ------------ http://people.roqe.org/kr
Fingerprint - 5803 E58E D1BF 9A29 AFCA - 51B3 A725 EA18 ABA7 A6A3
