> How to protect against rootkis ? Keep your system up to date, do not run unrelaibale software, do not give accounts to people you do not trust.
> Is it some kind of trojan > wich working > with root priviledges ? Basically, yes. It is typically a "kit" you drop on the system via a remote root exploit, which replaces binaries, and tries to mask itself. > Why some people says that eg. tripwire doesn't discover it ? Then they dont know what they are saying, i would say that Tripwire / AIDE / such will be 100% efficient in detecting kits _PROVIDING_ that your database is current, and is stored in a tamper-proof location... and ofcource you actually use and update teh IDS database. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]