From: Franck Veysset (franck.veysset intranode.com)
Date: Wed Mar 21 2001 - 11:55:46 CST
I don't want to play the devil's advocate, but that's why my car has
good seatbelts and airbags... :-)
If you don't (that's bad) use tripwire, or similar crypto tools,
check this one...
http://www.hsc.fr/ressources/outils/rkscan/index.html.en
rkscan might be for you.
rkscan is a kernel-based module rootkit scanner for Linux; it detects
Adore (v0.14, v0.2b and v0.24) and knark (v0.59).
-Franck
"shawn . moyer" wrote:
>
> SWilcoxon iqmktg.com wrote:
>
> > What I was thinking is something that can be used after the fact for detection
> > for the poor souls that may not be running tripwire or similar products.
>
> Sorta like the poor souls who forgot to update their Bind, Sendmail,
> Apache, etc.? They got 0wned. Sorry.
>
> > I agree that some detection can be done using RPM to see if a normal file
> > was installed. But other tools create their own executables. Those users
> > wouldn't know where to look to see if they were compromised.
>
> Those users shouldn't be putting Unix servers on the Internet, and their
> vendors shouldn't be shipping OS's that are insecure by default. Anyway,
> Chris Green posted a link for rkdet, which may do the trick.
>
> But for the most part (I know I sound unsympathetic -- I am), if you
> drive without a seatbelt, and you go through the windshield, I feel bad
> for you, but the best measures for a case like that are always
> preventive and not after-the-fact. I can tell you how fast you were
> going, how hard you hit the glass, and even fix the windshield, but if
> you had your seatbelt on in the first place, you'd be a lot better off.
>
> --shawn
>
> --
>
> s h a w n m o y e r
> shawn net-connect.net
>
> The universe did not invent justice; man did.
> Unfortunately, man must reside in the universe.
>
> -- Zelazny
-- Franck Veysset E-mail: franck.veyssetintranode.com http://www.INTRANODE.com - Tel: +33 (0)2 23 45 55 04 -- Security Lab Engineer --
O ascii ribbon campaign against html |\ email and Microsoft attachments.