Mailinglist Archive: opensuse-security (685 mails)

Articles on rootkits, etc in Linux Magazin
  • From: Albert Brandl <albert.brandl@xxxxxxxxxxxxxx>
  • Date: Mon, 11 Feb 2002 10:07:25 +0100
  • Message-id: <20020211100725.C15708@xxxxxxxxxxxxxx>
Hi!

The current (German) Linux Magazin has quite interesting articles on
detecting network scans, rootkits, incident response and so on. I liked
the article on searching for traces (in German: "Spurensuche"), which
shows how to use netcat to save the output of commands to another machine
(called the "forensic computer").

The introduction to rootkits is also quite good. It shows how to make use
of the /proc hierarchy to find hidden files and provides some links, e.g.:
http://security.alldas.de/analysis/?aid=2 (analysis of the Linux rootkit
yoyo.tar.gz), http://www.theorygroup.com/Theory/rootkits.html (Rootkits -
How Intruders Hide), and, of course: http://project.honeynet.org/papers/
(Know Your Enemy).

Of course, the articles do not provide in-depth discussions of these
subjects. But they are quite informative and might be a good first source
of information.

Regards,

Albert Brandl
