On Thu, Jul 29, 2004 at 12:21:01AM -0800, Matthew Schumacher wrote:
> It seems that some of these rootkits use a kernel module or
> kernel-memory-patching to load, then they conceal themselves. Pretty
> scary stuff.
Which is why 'disable the kernel's module-loading abilities' is near the
top of any real hardening agenda. If they can't load said module, they
can't do any harm via that vector.
--Mac
-- 
Julian "Mac" Mason mac@cs.hmc.edu
Computer Science '06 (909)-607-3129
Harvey Mudd College

Received on Thu Jul 29 01:17:23 2004
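
An added example, not part of the original message: one way to audit the hardening step described above on a current Linux system. It assumes the kernel.modules_disabled sysctl and the convention that /proc/modules is absent when the kernel is built without CONFIG_MODULES; the function names and the optional procroot argument are hypothetical and exist only for this illustration.

```shell
#!/bin/sh
# Report whether this kernel can still load modules.
# Usage: module_loading_state [procroot]   (procroot defaults to /proc;
# the argument exists so the logic can be exercised on a constructed tree)
module_loading_state() {
    root="${1:-/proc}"
    if [ ! -d "$root/sys/kernel" ]; then
        echo unknown            # not a Linux procfs, nothing to report
        return 0
    fi
    # Kernels built without CONFIG_MODULES do not create /proc/modules.
    if [ ! -e "$root/modules" ]; then
        echo compiled-out
        return 0
    fi
    # kernel.modules_disabled is a one-way switch: once set to 1 it
    # cannot be cleared without a reboot.
    flag="$root/sys/kernel/modules_disabled"
    if [ -r "$flag" ] && [ "$(cat "$flag")" = "1" ]; then
        echo locked
    else
        echo enabled
    fi
}

# Exit status for use in a hardening audit: 0 only when loading is impossible.
module_loading_hardened() {
    case "$(module_loading_state "$1")" in
        compiled-out|locked) return 0 ;;
        *) return 1 ;;
    esac
}

printf 'module loading: %s\n' "$(module_loading_state)"
```

This covers only the module-loading vector; the kernel-memory-patching route mentioned in the quoted text is a separate control and is not checked here.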