Thread: rootkit info

  1. #1
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407

    rootkit info

    A rootkit is a collection of tools an intruder brings along to a victim computer after gaining initial access. A rootkit generally contains network sniffers, log-cleaning scripts, and trojaned replacements of core system utilities such as ps, netstat, ifconfig, and killall. Although the intruders still need to break into a victim system before they can install their rootkits, the ease-of-use and the amount of destruction they cause make rootkits a big threat for system administrators. ...
    I found this article and found it very interesting so I thought I would share it. I'm sure many of you have read stuff like this hundreds of times, but this is the first article I've read about rootkits, therefore it intrigued me:
    http://linux.oreillynet.com/pub/a/li...4/rootkit.html
    Enjoy
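A defender-side check for the two behaviours the article excerpt describes (trojaned replacements of ps, netstat, ifconfig and killall, and processes hidden from ps), as an added example that is not from the article or any poster; the utility paths and the baseline manifest are assumptions for illustration.

```python
#!/usr/bin/env python3
"""Two user-land rootkit checks: binary integrity against a known-good
manifest, and a /proc versus ps cross-check for hidden processes.
Added example, not from the linked article or the thread."""
import hashlib
import os
import subprocess

# Utilities the article names as common trojan targets (paths assumed).
CORE_UTILS = ["/bin/ps", "/bin/netstat", "/sbin/ifconfig", "/usr/bin/killall"]

def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(paths=CORE_UTILS):
    """Record known-good digests on a clean install; keep the result off-box,
    since a rootkit that can replace ps can also edit a local manifest."""
    return {p: sha256_file(p) for p in paths if os.path.isfile(p)}

def verify_manifest(manifest, digest=sha256_file):
    """Return the paths whose current digest differs from the baseline
    (a missing file counts as changed)."""
    changed = []
    for path, expected in manifest.items():
        try:
            current = digest(path)
        except OSError:
            current = None
        if current != expected:
            changed.append(path)
    return changed

def hidden_pids(procfs_pids, ps_pids):
    """PIDs present in /proc but absent from ps output.  A trojaned ps hides
    its owner's processes; procfs still lists them for a user-land kit.
    Caveat: a kernel-mode rootkit can filter /proc too, and a process that
    exits between the two snapshots shows up as a false positive."""
    return sorted(set(procfs_pids) - set(ps_pids))

def live_procfs_pids():
    return {int(d) for d in os.listdir("/proc") if d.isdigit()}

def live_ps_pids():
    out = subprocess.run(["ps", "-e", "-o", "pid="], capture_output=True,
                         text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

if __name__ == "__main__":
    # In practice load the manifest saved earlier rather than rebuilding it.
    print("hidden pids:", hidden_pids(live_procfs_pids(), live_ps_pids()))
```

Run the snapshot comparison a few times and treat only PIDs that stay hidden across runs as suspicious.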

  2. #2
    Nice post, that article was very explanatory.

    While I've heard of these before, I'd never actually heard the term 'rootkits' used before. I had always heard it referenced as a hacker's 'bag of tricks' or 'bag of goodies' or a cracker's 'crackin' toolkit'...

    Also, I never realized they actually would replace the binaries on a UNIX system, meaning the executable commands such as ls, ps, find, etc., so as to simply eliminate any logging associated with the running of those commands while they're hacked in... Very devious...

    RRP

  3. #3
    Originally posted here by bpiedlow
    Nice post, that article was very explanatory
    that's right

  4. #4
    Senior Member
    Join Date
    Oct 2003
    Posts
    111
    Love 'em or hate 'em, rootkits have been around for some time now... If you ever wanted to test how easy it was for an attacker to break your system with a pre-made one, use one on yourself, just to get a feel for how it all comes together. I'm not quite sure if people are still coming out with rootkits for every new version of OS that comes out for *nix, but it would be interesting to see. I know for a while back, a couple of years ago, every new version of *nix that came out, about 1 week later there was a new rootkit for it.

    Additional note, however: using the premade rootkits will most likely get you caught, as most smart system admins know how to track down the footprints made by those rootkits. A smart cracker will have his own, premade just for himself, and most likely will not share it with others. (Because the more people know about it, the more system administrators can footprint it.)
    Creating further mindless stupidity....through mindless automation.

  5. #5
    Senior Member
    Join Date
    Aug 2002
    Posts
    547
    This is an old thread about rootkits http://www.antionline.com/showthread...hlight=rootkit

  6. #6
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    If you want to check some rootkits out and learn more about them, head on over to
    http://www.packetstormsecurity.nl/UN...tion/rootkits/.

    It is a really good idea for Unix sysadmins to know about these since no attacker
    who wants to keep your box is going to leave without trying to install one of these first.
    Unless of course s/he just plans to rm -rf / on you, and that is pretty rare, thank god.
    Some of these do very interesting things like creating covert channels over ICMP, hiding
    their presence from ps and top, etc. Also worthy of mention on the topic are the other
    assessment tools and papers at packetstorm; reading up on this stuff should really help
    all who need to get up to speed on practical Unix security and assessment.

    -- spruious
    Get OpenSolaris http://www.opensolaris.org/

  7. #7
    Senior Member
    Join Date
    Oct 2003
    Posts
    111
    rm -rf / ..... now THAT'S cold.
    Curse the soul who does this bastardly thing.
    Creating further mindless stupidity....through mindless automation.

  8. #8
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    Originally posted here by disc0rd
    rm -rf / ..... now THAT'S cold.
    Curse the soul who does this bastardly thing.
    _VERY_ cold.

    I suppose the only bright side would be that it would be obvious that the machine had been cracked,
    with not much else to do but restore from a good backup. Ay caramba!
    Get OpenSolaris http://www.opensolaris.org/

  9. #9
    Senior Member
    Join Date
    Oct 2003
    Posts
    111
    And sometimes backups can be like a roll of the dice; you just gotta hope they had some reliable media.

    And even then the reliable media may not be restorable based on data discrepancies...
    I've got a nice zen garden at my desk... I've found that it helps to start raking the hell outta it and praying to the powers that be that everything runs okay.

    If I didn't have the zen garden I'd need a vacuum cleaner for all the hair I pulled outta my head.
    Creating further mindless stupidity....through mindless automation.

  10. #10
    Senior Member
    Join Date
    Mar 2003
    Posts
    245
    Zen Garden huh? I should really buy one of those for myself for Christmas.
    Get OpenSolaris http://www.opensolaris.org/
