On Tuesday, Sep 23, 2003, at 08:57 US/Eastern, Kent Borg wrote:
P.S. Did anyone point out that chkrootkit needs to be kept up to
date? It does.
Back in May, on the cobalt-security list, Michael Stauber of
solarspeed.net described a rootkit he'd found that completely evaded
chkrootkit 0.40...
On Tue, 2003-09-23 at 08:57, Kent Borg wrote:
> On Mon, Sep 22, 2003 at 08:24:00PM -0400, Jason Dixon wrote:
> > It is for this reason that I'd like to suggest the following. Take
> > 10 minutes to download, compile and run chkrootkit on your Linux
> > systems.
>
> So there is a "download chkroot
On Mon, Sep 22, 2003 at 08:24:00PM -0400, Jason Dixon wrote:
> It is for this reason that I'd like to suggest the following. Take
> 10 minutes to download, compile and run chkrootkit on your Linux
> systems.
So there is a "download chkrootkit" vs. "download Knoppix STD" war
going on. And both ha
On 22 Sep 2003 20:24:00 -0400, Jason Dixon wrote:
> Everyone knows the Internet is a dangerous place. Folks who've been on
> this list for a while have probably heard me harp about security by now.
> If you have, then you know I'm a nut when it comes
On Mon, 2003-09-22 at 21:36, Steve Phillips wrote:
> At 09:17 p.m. 22/09/2003 -0400, you wrote:
> >
> >Yup. Not to mention that rebooting is a red flag to hackers. The idea
> >here is to run diagnostics while trying to stay off their radar, else
> >you risk losing the evidence (and possibly your
At 08:41 p.m. 22/09/2003 -0500, you wrote:
> >--
> >Jason Dixon, RHCE
>
> *sigh* I guess RHCE doesn't delve into the security aspects then eh ?
Look, I never intended to start a flame war or anything.
Actually, apologies - you are right there as well and I should probably
have worded my response i
On Mon, 2003-09-22 at 21:30, Steve Phillips wrote:
> At 08:57 p.m. 22/09/2003 -0400, Jason Dixon wrote:
> >On Mon, 2003-09-22 at 20:42, Benjamin J. Weiss wrote:
> >[snippy snip]
> > > Um...Jason...the CERT training that I went to stated (though I have not
> > > verified it externally) that it is st
> >--
> >Jason Dixon, RHCE
>
> *sigh* I guess RHCE doesn't delve into the security aspects then eh ?
Look, I never intended to start a flame war or anything.
There are times and places where each approach has its merits.
In my case, where I am a member of a military CERT, we have to be
absolu
At 09:17 p.m. 22/09/2003 -0400, you wrote:
On Mon, 2003-09-22 at 21:10, Ian Mortimer wrote:
> > However, many of us work and exist in environments where
> > carrying around a CD doesn't scale.
>
> Not to mention the need to reboot every box to run off the CD and
> then reboot again when done. Sev
At 08:57 p.m. 22/09/2003 -0400, Jason Dixon wrote:
On Mon, 2003-09-22 at 20:42, Benjamin J. Weiss wrote:
[snippy snip]
> Um...Jason...the CERT training that I went to stated (though I have not
> verified it externally) that it is still possible to fool chkrootkit if
> you are running it in a "compr
On Mon, 2003-09-22 at 21:10, Ian Mortimer wrote:
> > However, many of us work and exist in environments where
> > carrying around a CD doesn't scale.
>
> Not to mention the need to reboot every box to run off the CD and
> then reboot again when done. Several days work there.
Yup. Not to ment
> However, many of us work and exist in environments where
> carrying around a CD doesn't scale.
Not to mention the need to reboot every box to run off the CD and
then reboot again when done. Several days work there.
> My suggestion can be quickly and
> easily performed on remote systems.
Th
On Mon, 2003-09-22 at 20:42, Benjamin J. Weiss wrote:
> On 22 Sep 2003, Jason Dixon wrote:
>
> > On Mon, 2003-09-22 at 20:28, Benjamin J. Weiss wrote:
> >
> > > I'd say don't download and compile chrootkit. Instead, download the
> > > knoppix security tools distribution (http://www.knoppix-std.
On 22 Sep 2003, Jason Dixon wrote:
> On Mon, 2003-09-22 at 20:28, Benjamin J. Weiss wrote:
>
> > I'd say don't download and compile chrootkit. Instead, download the
> > knoppix security tools distribution (http://www.knoppix-std.org/), burn it
> > to a CD, then boot from it and *then* run chro
On Tue, 2003-09-23 at 10:24, Jason Dixon wrote:
> Everyone knows the Internet is a dangerous place. Folks who've been on
> this list for a while have probably heard me harp about security by now.
> If you have, then you know I'm a nut when it comes to protecting your
> system - AND - protecting oth
On Mon, 2003-09-22 at 20:28, Benjamin J. Weiss wrote:
> I'd say don't download and compile chrootkit. Instead, download the
> knoppix security tools distribution (http://www.knoppix-std.org/), burn it
> to a CD, then boot from it and *then* run chrootkit, which is on the CD.
> This way you wi
On 22 Sep 2003, Jason Dixon wrote:
> Everyone knows the Internet is a dangerous place. Folks who've been on
> this list for a while have probably heard me harp about security by now.
> If you have, then you know I'm a nut when it comes to protecting your
> system - AND - protecting others FROM you
Everyone knows the Internet is a dangerous place. Folks who've been on
this list for a while have probably heard me harp about security by now.
If you have, then you know I'm a nut when it comes to protecting your
system - AND - protecting others FROM your system if it's been cracked.
It is for th
18 matches