Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Franck Veysset (franck.veyssetintranode.com)
Date: Wed Mar 21 2001 - 11:55:46 CST
I don't want to play the devil advocate, but that's why my car have
good seatbelts and airbags... :-)
If you don't (that's bad) use tripwire, or similar crypto tools,
check this one...
rkscan might be for you.
rkscan is a kernel-based module rootkit scanner for Linux, it detects
Adore (v0.14, v0.2b and v0.24) and knark (v0.59).
"shawn . moyer" a écrit :
> SWilcoxoniqmktg.com wrote:
> > What I was think is something that can be used after the fact for detection
> > for the poor soles that may not be running tripwire or similar products.
> Sorta like the poor souls who forgot to update their Bind, Sendmail,
> Apache, etc.? They got 0wned. Sorry.
> > I agree that some detection can be done using RPM to see if a normal file
> > was installed. But other tools create their own executables. Those users
> > wouldn't know where to look to see if they were compromised.
> Those users shouldn't be putting Unix servers on the Internet, and their
> vendors shouldn't be shipping OS's that are insecure by default. Anyway,
> Chris Green posted a link for rkdet, which may do the trick.
> But for the most part (I know I sound unsympathetic -- I am), if you
> drive without a seatbelt, and you go through the windshield, I feel bad
> for you, but the best measures for a case like that are always
> preventive and not after-the-fact. I can tell you how fast you were
> going, how hard you hit the glass, and even fix the windshield, but if
> you had your seatbelt on in the first place, you'd be a lot better off.
> s h a w n m o y e r
> The universe did not invent justice; man did.
> Unfortunately, man must reside in the universe.
> -- Zelazny
-- Franck Veysset E-mail: franck.veyssetintranode.com http://www.INTRANODE.com - Tel: +33 (0)2 23 45 55 04 -- Security Lab Engineer --
O ascii ribbon campaign against html |\ email and Microsoft attachments.
_______________________________________________ Snort-users mailing list Snort-userslists.sourceforge.net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users