RE: Finding root-kits on Windows

From: Harlan Carvey (keydet89at_private)
Date: Wed May 07 2003 - 08:04:14 PDT

Next message: Brian Carrier: "Re: Time Differences/MAC Times"

Previous message: shawnmer: "Re: Removing HTTP headers from tcpdump logs"
In reply to: Amarante, Rodrigo P.: "RE: Finding root-kits on Windows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Rodrigo,

Thanks for the response... 

> 2nd Question
> From the ones I've played with (NTRootKit, Hacker
> Defense) What I said
> is true: a remote network connection won't be
> filtered by the rootkit driver.

I'm not doubting that it's true...I was asking
regarding your testing infrastructure, for the purpose
of reproducing your results.  For example, did you try
to do anything other than map a drive?

Thanks,

Harlan

__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com

-----------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com

Next message: Brian Carrier: "Re: Time Differences/MAC Times"
Previous message: shawnmer: "Re: Removing HTTP headers from tcpdump logs"
In reply to: Amarante, Rodrigo P.: "RE: Finding root-kits on Windows"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Thu May 08 2003 - 15:09:33 PDT