[ale] Monolithic vs Modularised Kernels
John Wells
jb at sourceillustrated.com
Wed Jul 9 12:38:26 EDT 2003
Jason Day said:
> Yes. If an attacker can load a custom kernel module, and if he's good
> enough, he can make it much harder for you to realize you've been owned.
> A kernel module can prevent things like netstat or even ls from finding
> an installed rootkit.
Ah, good point. I was thinking that modified binaries would accomplish
the same thing, but I suppose there are more methods of detecting that
(md5 sigs, etc.) than there are of detecting custom k modules.
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale