Full Disclosure: Detect prrf rootkit

From: Jin San <jinsan07_at_gmail.com>
Date: Sun, 3 Dec 2006 22:23:05 +0900

Hi,

Could anybody tell me which tool can be used to detect the prrf rootkit (Phrack 58)?

Of course the vanilla prrf is easy to detect, as they did not try to
hide the kernel module. But suppose that somebody modifies the code,
and successfully hides the LKM (I know there are some good ways to do
that), how can we detect prrf?

As far as I know, only the EPA (Phrack 59) tool is able to detect prrf.
However, EPA does not work very reliably.

This rootkit is pretty old, but it seems there is no good method to
detect it?

Thanks,
Jin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Received on Dec 03 2006
