Hi,

On Mon, 6 Aug 2007 17:36:36 +0000 (UTC) James
<[EMAIL PROTECTED]> wrote:

> > To put it correctly, since there is _NO_ way to assure that there
> > isn't a rootkit:
> 
> > chkrootkit can be used to check whether there _are_ _known_
> > rootkits.
> 
> > BTW, there are other, similar programs that do the same.
> > But my point is: You can never be sure, since a hypothesis can't be
> > proven correct, just invalid.
> 
> You are right for noobs.

Sheesh! That's a universal scientific concept. Read a bit on
falsifiability of theories to grab the basics. Don't, if you're a
religious hardliner.

> If the person has a second system and sets up a flat hub and the
> ethernet in stealth mode, you can sniff the ethernet I/O all day
> long and use a variety of tools to discern if nefarious activities
> abound on a given system. Sure it's a bit of work, but all hacked
> systems I've ever seen use the system to ethernet I/O. 

And there's your assumption that you can't prove correct.

> They can
> encrypt that traffic, but if you know what should/not be traversing
> the ethernet, there is no way to hide an actively compromised 
> system. 

Wrong. You might be practically right since most rootkits use means to
communicate, but they might just collect data instead or even just
encrypt all your documents and display the bank account number to
deposit money for getting the private key for decryption.

BTW, this is not about scaring people, but to make them aware that
there is no absolute fail-proof solution to any problem -- since "100%
fail-proof" is a logically invalid concept. But I'm pretty confident
that the OP isn't dealing with a hacked machine. I just jumped on the
rootkit discussions, because many people talking about rootkits neither
know how rootkits work, nor do they grasp the theories behind rootkit
detection.

-hwh
-- 
[EMAIL PROTECTED] mailing list
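The "second box on a flat hub" check argued about above, written out as an added example (not code from this thread, not chkrootkit, and not any tool either poster mentions). The sniffer on the hub is assumed to have already summarised packets into one flow per line (source, destination, protocol, destination port, byte count); the addresses, the baseline of expected peers and both captures are constructed for the example. The decision is made on addresses and ports only, so an encrypted beacon to an unknown peer is still reported, which is James's point. The second, quiet capture is hwh's point: an implant that only collects data locally produces no unexpected flow, so an empty report is not a clean bill of health.

```python
"""Allowlist review of sniffed traffic from a suspect host.

Added example, not code from the original thread. It models the
"second box on a hub" approach: every flow the suspect host sends or
receives that is not in a baseline of expected traffic is reported,
whether or not the payload is encrypted, because the decision is made
on addresses and ports, never on content. The flow records below are
constructed; in practice they would come from a sniffer on the hub.
"""
from collections import namedtuple

Flow = namedtuple("Flow", "src dst proto dport nbytes")

# Constructed addresses: the suspect host and what it may talk to.
SUSPECT = "192.0.2.10"
ADMIN = "198.51.100.5"
RESOLVER = "192.0.2.1"

# Outbound baseline: (proto, destination or "any", destination port).
EXPECTED_OUT = {
    ("udp", RESOLVER, 53),
    ("tcp", RESOLVER, 53),
    ("udp", RESOLVER, 123),   # ntp
    ("tcp", "any", 80),       # package mirrors
    ("tcp", "any", 443),
}
# Inbound baseline: (proto, source or "any", destination port on the suspect).
EXPECTED_IN = {
    ("tcp", ADMIN, 22),       # only the admin box may ssh in
}


def parse_flows(text):
    """Parse one flow per line: src dst proto dport bytes. '#' starts a comment."""
    flows = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        src, dst, proto, dport, nbytes = line.split()
        flows.append(Flow(src, dst, proto.lower(), int(dport), int(nbytes)))
    return flows


def is_expected(flow, strict=False):
    """True if the flow matches the baseline for its direction.

    strict=True ignores the "any" wildcard entries, so a beacon hiding on
    tcp/443 to an unknown host is reported instead of passing as a mirror
    fetch; the price is that every legitimate peer must be listed.
    """
    if flow.src == SUSPECT:
        table, peer = EXPECTED_OUT, flow.dst
    elif flow.dst == SUSPECT:
        table, peer = EXPECTED_IN, flow.src
    else:
        return True   # not the suspect's traffic; out of scope here
    if (flow.proto, peer, flow.dport) in table:
        return True
    return not strict and (flow.proto, "any", flow.dport) in table


def unexpected_flows(flows, strict=False):
    """Return the flows the baseline does not explain."""
    return [f for f in flows if not is_expected(f, strict)]


# Constructed capture from a host with a talkative implant.
TALKATIVE = """
192.0.2.10    192.0.2.1      udp 53    120
198.51.100.5  192.0.2.10     tcp 22    9000    # admin logs in
192.0.2.10    203.0.113.77   tcp 443   310000  # mirror fetch
192.0.2.10    203.0.113.9    tcp 6667  800     # irc beacon, cleartext
192.0.2.10    203.0.113.9    udp 5555  4096    # encrypted blob, unknown peer
203.0.113.9   192.0.2.10     tcp 31337 200     # someone knocks on a listener
192.0.2.10    203.0.113.9    tcp 443   2200    # beacon hiding on 443
"""

# Constructed capture from a host whose implant only collects locally.
QUIET = """
192.0.2.10    192.0.2.1      udp 53    120
192.0.2.10    192.0.2.1      udp 123   76
198.51.100.5  192.0.2.10     tcp 22    9000
"""

if __name__ == "__main__":
    for f in unexpected_flows(parse_flows(TALKATIVE)):
        print("unexpected:", f)
    print("strict:", len(unexpected_flows(parse_flows(TALKATIVE), strict=True)))
    print("quiet host, unexpected flows:", unexpected_flows(parse_flows(QUIET)))
```

With the wildcard entries in force, the talkative host yields three unexpected flows (the IRC beacon, the encrypted blob to an unknown peer and the inbound knock on tcp/31337) while the beacon on tcp/443 slips through; in strict mode it is caught, together with the legitimate mirror fetch, which is the usual trade-off of a per-destination baseline. The quiet host yields nothing at all, and that is exactly what a data-collecting or file-encrypting implant would look like on the wire.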
