[clue-tech] rootkit detection
Adam bultman
adamb at glaven.org
Tue Nov 1 15:13:37 MST 2005
Jim Ockers wrote:
>Hi Jeff,
>
>Another invaluable command is lsof -n which lists all open filehandles
>including network sockets and even listeners.
>
>Even if netstat is lying to you, lsof might tell the truth, unless of
>course the rootkit disabled lsof.
>
>Not sure if that's available for unixes other than Linux.
>
>Hope this helps,
>Jim
>
>
>
You'll wanna make sure that there's not a kernel module trojan that is
installed; if so, all binaries may be normal, but you'll still get lied
to.
adam
_______________________________________________
CLUE-tech mailing list
CLUE-tech at cluedenver.org
http://cluedenver.org/mailman/listinfo/clue-tech
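
Added example, not part of the original thread: a cross-view check that compares the listening TCP ports in a saved copy of /proc/net/tcp with a saved `netstat -ltn` listing and prints any port the tool left out. It only catches a replaced userland binary; a kernel module trojan of the kind Adam mentions can filter /proc/net/tcp too. The function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: cross-view comparison of listening TCP ports.

# Decimal ports in LISTEN state (st == 0A) from a /proc/net/tcp-format file.
proc_listen_ports() {
    awk 'NR > 1 && $4 == "0A" { n = split($2, a, ":"); print a[n] }' "$1" |
    while read -r hex; do printf '%d\n' "0x$hex"; done | sort -u
}

# Ports that a saved `netstat -ltn` listing reports as LISTEN.
tool_listen_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" { n = split($4, a, ":"); print a[n] }' "$1" |
    sort -u
}

# Ports present in the kernel table ($1) but missing from the tool output ($2).
hidden_ports() {
    d=$(mktemp -d) || return 1
    proc_listen_ports "$1" > "$d/proc"
    tool_listen_ports "$2" > "$d/tool"
    comm -23 "$d/proc" "$d/tool" | sort -n
    rm -rf "$d"
}

# Constructed sample data (not from a real host): the kernel table has
# listeners on 22, 25 and 31337; the netstat listing omits 31337.
write_samples() {
    cat > "$1/proc_net_tcp" <<'EOF'
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0 100 0 0 10 0
   1: 0100007F:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1 0 100 0 0 10 0
   2: 00000000:7A69 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1 0 100 0 0 10 0
   3: 0100007F:0016 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1 0 100 0 0 10 0
EOF
    cat > "$1/netstat_out" <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
EOF
}

# Stand-alone run on the constructed samples.
s=$(mktemp -d) && write_samples "$s" && hidden_ports "$s/proc_net_tcp" "$s/netstat_out"
rm -rf "$s"
```

On a live host, pass /proc/net/tcp as the first argument and a file holding the output of `netstat -ltn` as the second; IPv6 listeners are in /proc/net/tcp6 and need a second pass.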