| 1 |
Hans-Werner Hilse <hilse <at> web.de> writes: |
| 2 |
|
| 3 |
> > If you want to check there is no such program on your system, I |
| 4 |
> > advice you to try chkrootkit, to check there is no such rootkit on |
| 5 |
> > your system... |
| 6 |
|
| 7 |
> To put it correctly, since there is _NO_ way to assure that there isn't |
| 8 |
> a rootkit: |
| 9 |
|
| 10 |
> chkrootkit can be used to check whether there _are_ _known_ rootkits. |
| 11 |
|
| 12 |
> BTW, there are other, similar programs that do the same. |
| 13 |
> But my point is: You can never be sure, since a hypothesis can't be |
| 14 |
> proven correct, just invalid. |
| 15 |
|
| 16 |
|
| 17 |
Well you are right and you are wrong. |
| 18 |
You are right for noobs. |
| 19 |
|
| 20 |
If the person has a second system and sets up a flat hub and the |
| 21 |
ethernet in stealth mode, you can sniff the ethernet I/O all day |
| 22 |
long and use a variety of tools to discern if nefarious activities |
| 23 |
abound on a given system. Sure it's a bit of work, but all hacked |
| 24 |
systems I've ever seen use the system to ethernet I/O. They can |
| 25 |
encrypt that traffic, but if you know what should/not be traversing |
| 26 |
the ethernet, there is no way to hide an actively compromised |
| 27 |
system. |
| 28 |
|
| 29 |
If the hacker scantly uses resources, and is elite, often it's the |
| 30 |
best thing for a noob, because they keep the systems in pristine |
| 31 |
condition.... |
| 32 |
|
| 33 |
building a gentoo based firewall, that runs off of a non rewritable |
| 34 |
media (CD and such) is definitely a good idea, if you want to |
| 35 |
control your resource utilization.... |
| 36 |
|
| 37 |
|
| 38 |
ymmv, |
| 39 |
hth, |
| 40 |
|
| 41 |
James |
| 42 |
|
| 43 |
|
| 44 |
|
| 45 |
-- |
| 46 |
gentoo-user@g.o mailing list |
Archives