On Sun, 2004-04-04 at 18:11, Tobias Weisserth wrote:
> How should a root kit fool my Tripwire setup if the necessary binaries
> and the database are on a mounted CD? :-) This is *extremely* unlikely
> and probably demands a *very* difficult attack approach.
If an attacker controls the kernel, he can control whatever is
supposedly read from the CD.

> I'm doing the same with chkrootkit. Write protected media can't be
> fooled :-)
It can, unless you boot from read-only media with a minimal system that
you trust and then run the 'chkrootkit' tool.

- YY
They that give up essential liberty to obtain a little temporary safety
deserve neither liberty nor safety.
- Benjamin Franklin
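
The check the reply above calls for (boot a trusted minimal system from read-only media, then examine the suspect disk from outside its own kernel), as an added example that is not part of the original message. The function names, the sha256sum-style manifest and the demo tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the original thread): offline integrity check.
# Assumption: run from trusted read-only rescue media, with the suspect
# root filesystem mounted read-only at ROOT and a baseline manifest
# (sha256sum format, paths relative to ROOT) kept on read-only media.

hash_file() {  # print the SHA-256 of a file, using whichever tool exists
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# verify_offline MANIFEST ROOT
# Prints one line per finding; returns 0 if everything matches, else 1.
verify_offline() {
    manifest=$1; root=$2; bad=0
    while read -r want path; do
        [ -n "$path" ] || continue
        target="$root/$path"
        if [ -L "$target" ]; then
            # An absolute symlink would resolve against the rescue
            # system, not the suspect disk, so report it, do not follow.
            echo "SYMLINK $path"; bad=1
        elif [ ! -f "$target" ]; then
            echo "MISSING $path"; bad=1
        elif [ "$(hash_file "$target")" != "$want" ]; then
            echo "CHANGED $path"; bad=1
        fi
    done < "$manifest"
    return "$bad"
}

# Constructed demo: a throwaway tree stands in for the mounted disk.
demo_root=$(mktemp -d)
mkdir -p "$demo_root/bin"
printf 'original ls\n' > "$demo_root/bin/ls"
printf 'original ps\n' > "$demo_root/bin/ps"
demo_manifest=$(mktemp)
for f in bin/ls bin/ps; do
    printf '%s  %s\n' "$(hash_file "$demo_root/$f")" "$f"
done > "$demo_manifest"
printf 'tampered ps\n' > "$demo_root/bin/ps"   # simulate a replaced binary
verify_offline "$demo_manifest" "$demo_root" || echo "integrity check failed"
```

The same script run on the live suspect system would prove nothing, since its file reads would pass through the kernel under suspicion.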