Re: 'rooted' NT/2K boxen?

From: William N. Zanatta (williamat_private)
Date: Thu May 02 2002 - 13:57:23 PDT


    Search Google...
    
    Two things in a first overview of the results...
    
    http://www.crackinguniversity2000.it/Paper/__==__--%20rootkit%20--__==__.htm
    http://builder.cnet.com/webbuilding/0-7532-8-4877567-1.html?tag=st.sw.3923222.bhed.7284-8-4877567-1
    
    Personally, I don't see a need for it, as Windows is a rootkit itself.
    
    For you, the 2nd link should be more interesting...
    
    William Zanatta
    
    H C wrote:
    > Recently, there have been several messages posted to
    > this list about rooted Linux boxen.  My question is
    > this...has anyone seen NT/2K boxen 'rooted', in the
    > sense that a Linux box is usually rooted...completely
    > taken over, trojaned binaries, backdoors, users
    > installed, rootkit(s), tools copied over?
    > 
    > If so, what, if any, info would you be willing to
    > share about the system?
    > 
    > I'm trying to get an idea of how prevalent this sort
    > of thing is, and also to see what's being done, so as
    > to not only better protect my systems, but to assist
    > me in building a better incident response methodology.
    > 
    > Thanks.
    > 
    
    
    
    
    ----------------------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management 
    and tracking system please see: http://aris.securityfocus.com
    



    This archive was generated by hypermail 2b30 : Thu May 02 2002 - 14:35:00 PDT