> Now that you mention it, I think it was a backdoor (a special > rootshell). That makes much more sense. > Can any provide URLs to example backdoors? Uhh, there are boatloads. Try any of the standard exploit archives (packetstorm, etc) and you'll be swimming in them. You might want to see if chkrootkit has pointers to the source of the rootkits it detects. Or you could just write your own. Snag the knark rootkit and modify it to suit your needs, for example. The code in these things are usually pretty easy to follow, except where it's not. -- Brian Hatch A closed mouth Systems and gathers no feet. Security Engineer http://www.ifokr.org/bri/ Every message PGP signed
This archive was generated by hypermail 2b30 : Fri Feb 28 2003 - 08:46:52 PST