Security Basics mailing list archives
Re: Keen to test out root kits
From: "Tom Stowell" <jts () deforest k12 wi us>
Date: Fri, 13 Feb 2004 17:37:15 -0600
It's been awhile since I've tried one of these, but the old rules still apply: if you run something as root (the whole point of a rootkit... :-), and can't trust the person who wrote it (and why would you trust a malware author??), all bets are off.

When I play with potential malware, I run it on a separate, never-used-for-any-other-purpose imaged workstation, or at least in a VM (which SHOULD be safe, but no promises). And so should you. (If you're planning to wipe and re-install your laptop on Monday, then no prob. :-)

Try Bochs (http://bochs.sourceforge.net/) or VMWare (http://www.vmware.com/). If you're on Linux, you could also try UML (http://user-mode-linux.sourceforge.net/). There are others, also. VMWare is my favorite of the three; it's commercial and EXPENSIVE, as compared to free, but I use it every day. Even to write this message. It was ~$300 of my personal funds well spent.

Patrick Fong <patfong () ihug com au> 02/13/04 03:57AM >>>
Hi I am keen to test out root kits on my lap-top. I've just discovered http://www.rootkit.com. Is it safe to install rootkits on my lap-top and it is not an opportunity for the writer to get back door access to my lap-top / home network? What other stuff can I try with the rootkits?

Cheers
Patrick

Tom Stowell
Network Administrator
DeForest Area School District
520 E. Holum St.
DeForest, WI 53532
Fax: (608)-842-6545
Voice: (608)-842-6500
Email: <jts () deforest k12 wi us>

console, n. [From Latin consolatio(n) "comfort, spiritual solace."] A device for displaying or printing condolences or obituaries for the operator.
-- Stan Kelly-Bootle, The Computer Contradictionary.
