Date: Sun, 3 Dec 2006 22:23:05 +0900
From: "Jin San" <jinsan07@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Detect prrf rootkit

Hi,

Could anybody tell me which tool can be used to detect the prrf rootkit (Phrack 58)?

Of course the vanilla prrf is easy to detect, as they did not try to
hide the kernel module. But suppose that somebody modifies the code,
and successfully hides the LKM (I know there are some good ways to do
that), how can we detect prrf?

As far as I know, only the EPA (Phrack 59) tool is able to detect prrf.
However, EPA does not work very reliably.

This rootkit is pretty old, but it seems there is no good method to
detect it?


Thanks,
Jin
