Security Incidents: Re: 'rooted' NT/2K boxen?

["William N. Zanatta" <william () veritel com br>]

Search Google...

two things in a first overview of the results...

http://www.crackinguniversity2000.it/Paper/__==__--%20rootkit%20--__==__.htm
http://builder.cnet.com/webbuilding/0-7532-8-4877567-1.html?tag=st.sw.3923222.bhed.7284-8-4877567-1

personally I don't see a need for it as Windows is a rootkit itself.

for you, the 2nd link should be more interesting...

William Zanatta

H C wrote:
> Recently, there have been several messages posted to
> this list about rooted Linux boxen.  My question is
> this...has anyone seen NT/2K boxen 'rooted', in the
> sense that a Linux box is usually rooted...completely
> taken over, trojaned binaries, backdoors, users
> installed, rootkit(s), tools copied over?
>
> If so, what, if any, info would you be willing to
> share about the system?
>
> I'm trying to get an idea of how prevalant this sort
> of thing is, and also to see what's being done, so as
> to not only better protect my systems, but to assist
> me in building a better incident response methodology.
>
> Thanks.



----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management 
and tracking system please see: http://aris.securityfocus.com