Re: rootkits

Subject: Re: rootkits
eclectric@ftml.net
Date: Mon Feb 03 2003 - 21:54:09 AKST

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
• Next message: Greg Jetter: "linux course mailing list"
• Previous message: Adam Elkins: "rootkits"
• In reply to: Adam Elkins: "rootkits"
• Reply: eclectric@ftml.net: "Re: rootkits"
• Reply: eclectric@ftml.net: "Re: rootkits"

On Mon, 03 Feb 2003 21:32:08 -0900, "Adam Elkins" <i-robot@gci.net> said:

> So, my question is this, are these commands replaced by the rootkit bunk,
> or did it store them in another location other than /bin?

No, they're probablly bunk; linked against the wrong libraries or
compiled for the wrong platform; athlon optimized when you have a p4,
that sort of thing... although why they wouldn't be i386, statically
linked, I don't know... you can try running the 'file' command on it to
see what it was compiled for (I think).. also there is a command to see
what dependancies an executable has, but I don't recall the name right
now.

-- 
http://fastmail.fm - Choose from over 50 domains or use your own
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.

• Next message: Greg Jetter: "linux course mailing list"
• Previous message: Adam Elkins: "rootkits"
• In reply to: Adam Elkins: "rootkits"
• Reply: eclectric@ftml.net: "Re: rootkits"
• Reply: eclectric@ftml.net: "Re: rootkits"

This archive was generated by hypermail 2a23 : Mon Feb 03 2003 - 21:54:16 AKST