| 1 |
On Sun, 2004-04-04 at 18:11, Tobias Weisserth wrote: |
| 2 |
> How should a root kit fool my Tripwire setup if the necessary binaries |
| 3 |
> and the database are on a mounted CD? :-) This is *extremely* unlikely |
| 4 |
> and probably demands a *very* difficult attack approach. |
| 5 |
If an attacker controls the kernel, he can control whatever is |
| 6 |
supposedly read from the CD. |
| 7 |
|
| 8 |
> I'm doing the same with chkrootkit. Write protected media can't be |
| 9 |
> fooled :-) |
| 10 |
It can, unless you boot from read-only media with a minimal system that |
| 11 |
you trust and then run the 'chkrootkit' tool. |
| 12 |
|
| 13 |
- YY |
| 14 |
They that give up essential liberty to obtain a little temporary safety |
| 15 |
deserve neither liberty nor safety. |
| 16 |
- Benjamin Franklin |
Archives