Message-ID: <fd5008290612030523la350c3h7d208c5d0e9fe85b@mail.gmail.com>
Date: Sun, 3 Dec 2006 22:23:05 +0900
From: "Jin San" <jinsan07@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Detect prrf rootkit

Hi,

Could anybody tell me which tool can be used to detect the prrf rootkit (Phrack 58)?

Of course the vanilla prrf is easy to detect, as they did not try to hide the kernel module. But suppose that somebody modifies the code and successfully hides the LKM (I know there are some good ways to do that), how can we detect prrf?

As far as I know, only the EPA (Phrack 59) tool is able to detect prrf. However, EPA does not work very reliably.

This rootkit is pretty old, but it seems there is no good method to detect it?

Thanks,
Jin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/