Skip to main content

Question about Netstat

More
19 years 2 weeks ago #10265 by Rockape
Replied by Rockape on topic Re: Question about Netstat
sahirh,

You are a scary guy. I'm glad you are on our side, and share this kind of knowledge with us. Just think of the amount of damage that could be done with these rootkit things.

Is this something that hackers use, or is it just a tool you security guys play with?
More
19 years 2 weeks ago #10268 by sahirh
Replied by sahirh on topic Re: Question about Netstat
Hey rockape,
Rootkits are definetely hacker only territory. You'll be amazed how most security guys can only give you a one paragraph definition of what they are ;)

I think most Linux distributions these days come with chkrootkit which can identify a lot of rootkits.

Sysinternals also has a freeware rootkit detector for Windows.

I've never seen one of the really scary ones installed on a box in the wild -- I hope I never have to, cause cleaning that up will be a major pain! :)

If you have a test setup, install one of them and see whether you're able to detect it in any way, its a good learning exercise. Chances are you won't ever have to deal with such a seriously compromised box, but it never hurts to know whats the sharpest thing you can get poked by.

Cheers,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
More
19 years 2 weeks ago #10275 by DaLight
Replied by DaLight on topic Re: Question about Netstat
I have used the RootkitRevealer utility from Sysinternals referred to by sahirh. However, it's never found anything yet. Is it because it's no good or there's been nothing to find? I might try deliberately infecting a test setup and testing it with RootkitRevealer as suggested.
More
19 years 2 weeks ago #10303 by Rockape
Replied by Rockape on topic Re: Question about Netstat
Dalight,

When you have tried it, let me know what happened.

Cheers
More
18 years 11 months ago #10945 by acidz
Replied by acidz on topic Re: Question about Netstat
Hmm.. this is very interesting.

Sahir.. you are the man.
Is this method used by backdoor virus?

Thx


lets strieve for the best
and let God do the rest
More
18 years 11 months ago #11143 by sahirh
Replied by sahirh on topic Re: Question about Netstat
Reference my post here:
www.firewall.cx/ftopicp-11142.html#11142

That's a good primer to rootkit technology. The parent post is extremely interesting.

This is my current research area, so I'm more than happy to carry the thread forward.

Cheers all,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Time to create page: 0.158 seconds