On Wednesday 25 July 2001 21:04, Olaf Marzocchi wrote:
> What is that?
>
> Olaf
>
>
> Configuration: Celeron 333A, 128 MB, 6+3 GB HD, SoundBlaster 128 PCI,
> Realtek Ethernet, i740 video card running at 1024@16bpp, Toshiba CD and LG
> 8080B CD-RW
> hda1: win 98, hda5 Linux ReiserFS, hda6 swap, hda7 ReiserFS (/home); hdb1:
> FAT32 with datas
A rootkit is an exploitation tool. It replaces selected binaries with hacked versions
that simply ignore a few files the cracker wants to stay hidden.
ps, ls and slocate are often targets for rootkitting, find often less so. One of our
experts was cracked and rootkitted and noticed a few rogue directories by
using find. top is also a target so that it doesn't show the odd forkbomb and netstat
so the occasional, gratuitous bank-cracking, and the entertaining nestea against
some perceived enemy by a 13-year old using your computer does not show
on the network activity. loggers are also sometimes targeted.
So now you know what a rootkit is.
Civileme
