Home page logo
/

pen-test logo Penetration Testing mailing list archives

Re: root kit detection/penetration
From: Javier Fernandez-Sanguino <jfernandez () germinus com>
Date: Thu, 15 Sep 2005 11:41:11 +0200

cdewitt () indepthsec com wrote:

What are the best practices for penetration testing the viability
of placing root kits on a client's external servers - vpn, web,
app...?

If you did not write it yourself _and_ are confident that its impact in business critical systems is 0 don't do it. If you have the capability to install a root kit in an external server the game is over, it might be better for you (and for the client) to allow you to plug a system (laptop) to the external server LAN and go from there than to compromise production servers. Of course, that depends on the value your customer places on those servers.

And, while I'm asking - what are the best practices or
countermeasures for root kit placement?

Properly bastion hosts and severly limit the capabitilies of the users the services exposed to the Internet as running at (i.e. defense in depth, chroot jails, up-to-date patched systems, etc.) including host-IDS with (in Windows) updated antivirus (which will carry rootkit signatures too) or (in UNIX) rootkit detectors.

What root kits are still viable/current?

Too many to list, take a look at  http://packetstormsecurity.org/
For UNIX: http://www.packetstormsecurity.org/UNIX/penetration/rootkits/

All comments/tomatoes welcome...cd

Tomato.

Javier

------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]