[ale] Memory leak (hacked?)
David Corbin
dcorbin at machturtle.com
Mon Apr 12 20:53:55 EDT 2004
On Monday 12 April 2004 17:07, Chris Ricker wrote:
> On Wed, 7 Apr 2004, Joe Knapka wrote:
> > Or, you may be hacked. A clever intruder can insert modules
> > into the kernel (which is why a public server shouldn't have
> > module load/unload enabled), and can also hide the fact that
> > he's done so. A malicious module that simply allocated
> > pages as fast as it could would cause the behavior you're
> > seeing.
>
> Common misperception, but it actually makes no difference. Even if you
> disable module loading / unloading, attackers can still insert LKMs.
> Modern linux rootkits do exactly this....
And is there anyway to detect these?
chkrootkit hasn't found anything....
More information about the Ale
mailing list