On Sat, 26 Feb 2005, Jonathan Hutchins wrote:
On Saturday 26 February 2005 02:31 am, D. Hageman wrote:
The problem with said philosophy is that the system had to be hacked before the rootkit was installed.
It's hardly a rootkit. It's a back door. That's all.
Well, if it wasn't installed by root, then what user DID install it? That would be a pretty healthy clue.
What I'd really like is some extra eyeballs looking for information on rootedoor and what exploits are typically used to install it.
What kernel version were you running? You're assuming that rootedoor doesn't give a root shell, which looks optimistic from this chair. And, in my opinion, the assumption that a specific cracker tool has "typical" exploits used to install it is flawed. It's all a moving target.
Regards,
-Don