On Mon, Mar 11, 2002 at 05:57:38PM +0000, Eric Brandwine wrote:
> Either it's a red herring, and the real root kit is much better
> hidden, or it'll be almost trivial to clean up. But you've no way of
> knowing. I'd rebuild the box from scratch, if it were mine.

I am just curious about the "red herring" part of the story and the
term "real rootkit"...

I wonder if there are really attackers out there installing bogus
rootkits in order to protect the real ones. Has anybody on this list
detected such "feints"?

In my opinion this behaviour is very unlikely, but I am willing to learn.

Regards,
Konrad

--
Konrad Rieck <krat_private> -------------- http://www.inf.fu-berlin.de/~rieck
# Roqefellaz, http://www.roqe.org - PGP Key, http://www.roqe.org/keys/kr.pub
# ----------- Fingerprint 5803 E58E D1BF 9A29 AFCA 51B3 A725 EA18 ABA7 A6A3

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com

This archive was generated by hypermail 2b30 : Mon Mar 11 2002 - 16:49:38 PST