rootkits


Subject: rootkits
From: Adam Elkins (i-robot@gci.net)
Date: Mon Feb 03 2003 - 21:32:08 AKST


I was reading the slack newsgroup, this massive thread talking about rootkits.
This guy thought he had one. I realized I have never checked for one
myself...So I did, but found nothing. Then, I got the idea to try installing
a rootkit on a spare box I had (slack8.0). It installed. I don't think
it's working the way it's supposed to though. I couldn't gain root access, or
I'm just not doing it right....My next step was to run chkrootkit, I did a
simple wget to grab it. Then, I did an ls, or tried to. ls wasn't found. I
had obviously found the first sign something was wrong. None of the bash
commands the rootkit (I used t0rn) replaced worked. (ifconfig did, but that's
the only one)
So, my question is this, are these commands replaced by the rootkit bunk, or
did it store them in another location other than /bin?
Not using other distros, I'm not sure where RH, and the others stash these
commands...I suspect /bin is the standard, but it could be a slack thing I
guess.

Comments, Concerns, Complaints?

Adam




This archive was generated by hypermail 2a23 : Mon Feb 03 2003 - 21:34:22 AKST