Hans-Werner Hilse <hilse <at> web.de> writes:

> > If you want to check there is no such program on your system, I
> > advise you to try chkrootkit, to check there is no such rootkit on
> > your system...

> To put it correctly, since there is _NO_ way to assure that there isn't
> a rootkit:

> chkrootkit can be used to check whether there _are_ _known_ rootkits.

> BTW, there are other, similar programs that do the same.
> But my point is: You can never be sure, since a hypothesis can't be
> proven correct, just invalid.


Well, you are right and you are wrong.
You are right for noobs.

If the person has a second system and sets up a flat hub and the
ethernet in stealth mode, you can sniff the ethernet I/O all day
long and use a variety of tools to discern if nefarious activities
abound on a given system. Sure it's a bit of work, but all hacked
systems I've ever seen use the system-to-ethernet I/O. They can
encrypt that traffic, but if you know what should/should not be traversing
the ethernet, there is no way to hide an actively compromised
system.

If the hacker scantly uses resources, and is elite, often it's the
best thing for a noob, because they keep the systems in pristine
condition....

Building a Gentoo-based firewall that runs off of non-rewritable
media (CD and such) is definitely a good idea, if you want to
control your resource utilization....


ymmv,
hth,

James
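The approach James describes, watching a host's traffic from a second machine and comparing what is on the wire against what should be there, can be scripted once the capture has been reduced to flow records. The following is an added example, not code from the post or from the gentoo-user list; it assumes flow records already summarised from a capture taken on the second machine (the record format, addresses and the `EXPECTED_OUTBOUND` allow-list are all constructed for illustration). It deliberately looks only at endpoints, ports and timing, which are visible even when the payload is encrypted: flows that fall outside the expected set are reported, and connections that recur at a near-constant interval are flagged as beaconing candidates.

```python
"""Passive baseline check over flow records captured from a second system.

Added example (not from the mailing-list post). The record format, the
addresses and the allow-list below are constructed for illustration.
"""
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample of flow records, one per line, as a capture tool on
# the monitoring machine might summarise them:
# "<epoch-seconds> <src-ip> <dst-ip> <proto> <dst-port> <bytes>"
SAMPLE_FLOWS = """\
1000 192.0.2.10 192.0.2.53 udp 53 80
1003 192.0.2.10 198.51.100.20 tcp 443 5120
1060 192.0.2.10 192.0.2.53 udp 53 76
1061 192.0.2.10 198.51.100.21 tcp 80 2048
1200 192.0.2.10 203.0.113.7 tcp 8081 310
1500 192.0.2.10 203.0.113.7 tcp 8081 298
1800 192.0.2.10 203.0.113.7 tcp 8081 305
2100 192.0.2.10 203.0.113.7 tcp 8081 301
2400 192.0.2.10 203.0.113.7 tcp 8081 299
"""

# Hypothetical policy for the monitored host: the (protocol, destination
# port) pairs it is expected to originate. Anything else is worth a look.
MONITORED_HOST = "192.0.2.10"
EXPECTED_OUTBOUND = {("udp", 53), ("tcp", 80), ("tcp", 443)}


def parse_flows(text):
    """Parse the whitespace-separated flow records into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, proto, dport, nbytes = line.split()
        flows.append({"ts": int(ts), "src": src, "dst": dst,
                      "proto": proto, "dport": int(dport),
                      "bytes": int(nbytes)})
    return flows


def unexpected_flows(flows, host, expected):
    """Flows originated by `host` whose (proto, port) is not in the baseline.

    Only metadata is consulted, so an encrypted payload does not help the
    traffic hide: the destination and port are still on the wire.
    """
    return [f for f in flows
            if f["src"] == host and (f["proto"], f["dport"]) not in expected]


def beacon_candidates(flows, min_count=4, max_jitter=0.1):
    """Report (src, dst, proto, dport) groups contacted at a regular cadence.

    Inter-arrival gaps are computed per group; a group with at least
    `min_count` flows whose gap standard deviation is within `max_jitter`
    of the mean gap is returned, mapped to its mean interval in seconds.
    """
    groups = defaultdict(list)
    for f in flows:
        groups[(f["src"], f["dst"], f["proto"], f["dport"])].append(f["ts"])
    result = {}
    for key, times in groups.items():
        if len(times) < min_count:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            result[key] = avg
    return result


def report(text=SAMPLE_FLOWS, host=MONITORED_HOST, expected=EXPECTED_OUTBOUND):
    """Run both checks over a flow record text and return the findings."""
    flows = parse_flows(text)
    return {"unexpected": unexpected_flows(flows, host, expected),
            "beacons": beacon_candidates(flows)}


if __name__ == "__main__":
    findings = report()
    for f in findings["unexpected"]:
        print("unexpected: %(src)s -> %(dst)s %(proto)s/%(dport)d" % f)
    for (src, dst, proto, dport), interval in findings["beacons"].items():
        print("beacon: %s -> %s %s/%d every %ss" % (src, dst, proto, dport, interval))
```

The allow-list is the part that needs real work on a real network: it has to be built from what the monitored host is supposed to do, which is exactly the "if you know what should be traversing the ethernet" precondition in the post. The cadence check is intentionally simple; lengthening the window and loosening `max_jitter` trades false negatives against false positives from legitimate periodic jobs.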


-- 
gentoo-user@g.o mailing list