PROTECTING FROM
BADOORS
ATTACKS
Home |
Objectives |
Forum |
Security Links |
Tutorials |
People
- Sources & Tools
- Carbonite
Carbonite v1.0 is a LKM which is designed to investigate and detect rootkits, even LKM rootkits which patch calls to /proc. It works like lsof and ps at the kernel level, querying every process in Linux's task_struct, which is the kernel structure that maintains information on every running process in Linux. It gives administrators a more reliable method to identify all running processes on the system. For more information, here
- StMichael
StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is a experimental version, and a spin off from the Saint Jude Project. Changes: Added md5 checksums to the contents of system calls, added cloaking to hide the presence of StMichael, and its symbols. Since StMichael cause the rootkits to not work as expected, we do not want to give away any useful debugging information. For more information, here.
Copyright(c) 2001
HackerProof. All rights reserved.
Last Update: