Mailinglist Archive: opensuse-security (636 mails)

Re: [suse-security] server-check
On Sat, 10 Feb 2001, Togan Muftuoglu wrote:
>Thomas Lamy wrote:
>> No, it's just your binaries are swapped with those from the root-kit, and
>> these hide themselves... Get those binaries from a safe machine (better
>> CD-ROM) into a temporary directory (for forensic analysis, do not
>> overwrite any binaries nor reboot the machine!), and try it again with
>> those safe binaries. You may also do an "rpm --verify -a > /tmp/some/file"
>> to check the md5-hashes of all installed packages, to see if and which
>> binaries on your system have been replaced by the attacker's root-kit.
>
>(SH...T)
>
>Ok can I run these tools from my laptop connected to the f....ed
>machine via ethernet. (I can use the live CD so those binaries on the
>laptop machine will not have the possibility to be hacked)

On this point I'm curious. Could a 'root kit' propagate itself to uninfected
hosts on a LAN after it infects the initial victim host? Protection inside a
LAN is commonly lax, especially with everyone relying on firewalls to
protect them. Are viruses like those seen in MSWorld the next thing?

All along I've been smug telling my Windows using friends that I don't have
these virus problems because Unix/Linux has access control. How long
til that dish of crow gets served up?


best regards,
Gerard Bras
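
The `rpm --verify -a` check suggested in the quoted advice writes one line per file that differs from the package database. As an added example (not part of the original thread), this Python script triages such a report for packaged non-config files that are missing or whose content digest no longer matches. The sample report is constructed, the name `triage` is hypothetical, and it assumes the report was produced with rpm run from trusted media as the quoted advice describes.

```python
import re

# Verify line: 8 (older rpm) or 9 test flags, optional file-type marker, path.
VERIFY = re.compile(
    r"^(?P<flags>[SM5DLUGTP.?]{8,9})\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$")
# Files that have disappeared are reported as "missing" instead of flags.
MISSING = re.compile(r"^missing\s+(?:(?P<attr>[cdglr])\s+)?(?P<path>/.*)$")

# Constructed sample of `rpm --verify -a` output (not from the thread).
SAMPLE = """\
S.5....T.    /bin/ls
S.5....T.    /bin/ps
S.5....T.  c /etc/inetd.conf
.......T.    /usr/bin/top
missing      /usr/bin/lsattr
.M.......    /var/log/wtmp
S.5....T     /bin/netstat
"""

def triage(report):
    """Return (path, reason) for packaged non-config files that are
    missing or whose content digest differs from the rpm database."""
    findings = []
    for line in report.splitlines():
        line = line.rstrip()
        m = MISSING.match(line)
        if m:
            if m.group("attr") != "c":
                findings.append((m.group("path"), "missing"))
            continue
        m = VERIFY.match(line)
        if not m or m.group("attr") == "c":
            continue  # not a verify line, or an admin-editable config file
        # The third flag is the digest test: "5" means the content changed.
        if m.group("flags")[2] == "5":
            findings.append((m.group("path"), "digest mismatch"))
    return findings

if __name__ == "__main__":
    for path, reason in triage(SAMPLE):
        print(f"{reason:16} {path}")
```

Config files are skipped because they change during normal administration; review them separately against known-good copies.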

