Question about Netstat
19 years 2 weeks ago #10265
by Rockape
Replied by Rockape on topic Re: Question about Netstat
sahirh,
You are a scary guy. I'm glad you are on our side, and share this kind of knowledge with us. Just think of the amount of damage that could be done with these rootkit things.
Is this something that hackers use, or is it just a tool you security guys play with?
19 years 2 weeks ago #10268
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: Question about Netstat
Hey rockape,
Rootkits are definitely hacker-only territory. You'll be amazed how most security guys can only give you a one-paragraph definition of what they are.
I think most Linux distributions these days come with chkrootkit which can identify a lot of rootkits.
Sysinternals also has a freeware rootkit detector for Windows.
I've never seen one of the really scary ones installed on a box in the wild -- I hope I never have to, 'cause cleaning that up will be a major pain!
If you have a test setup, install one of them and see whether you're able to detect it in any way; it's a good learning exercise. Chances are you won't ever have to deal with such a seriously compromised box, but it never hurts to know what's the sharpest thing you can get poked by.
Cheers,
19 years 2 weeks ago #10275
by DaLight
Replied by DaLight on topic Re: Question about Netstat
I have used the RootkitRevealer utility from Sysinternals referred to by sahirh. However, it's never found anything yet. Is it because it's no good or there's been nothing to find? I might try deliberately infecting a test setup and testing it with RootkitRevealer as suggested.
19 years 2 weeks ago #10303
by Rockape
Replied by Rockape on topic Re: Question about Netstat
Dalight,
When you have tried it, let me know what happened.
Cheers
18 years 11 months ago #10945
by acidz
let's strive for the best
and let God do the rest
Replied by acidz on topic Re: Question about Netstat
Hmm.. this is very interesting.
Sahir.. you are the man.
Is this method used by backdoor virus?
Thx
18 years 11 months ago #11143
by sahirh
Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
Replied by sahirh on topic Re: Question about Netstat
Reference my post here:
www.firewall.cx/ftopicp-11142.html#11142
That's a good primer to rootkit technology. The parent post is extremely interesting.
This is my current research area, so I'm more than happy to carry the thread forward.
Cheers all,