[ale] Monolithic vs Modularised Kernels

John Wells jb at sourceillustrated.com
Wed Jul 9 12:38:26 EDT 2003


Jason Day said:
> Yes.  If an attacker can load a custom kernel module, and if he's good
> enough, he can make it much harder for you to realize you've been owned.
> A kernel module can prevent things like netstat or even ls from finding
> an installed rootkit.

Ah, good point.  I was thinking that modified binaries would accomplish
the same thing, but I suppose there are more methods of detecting that
(md5 sigs, etc) than there are of detecting custom k modules.


_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
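
An added example, not part of the original message: a baseline-and-verify check of the kind the reply refers to with "md5 sigs", using SHA-256 in place of MD5. The function names and the stand-in files created in demo() are constructed for illustration.

```python
import hashlib
import os
import tempfile


def file_digest(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(directory):
    """Map each regular file name in `directory` to its digest (known-good state)."""
    baseline = {}
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if os.path.isfile(path) and not os.path.islink(path):
            baseline[name] = file_digest(path)
    return baseline


def verify(directory, baseline):
    """Compare the directory with the baseline; return modified, missing and new names."""
    current = build_baseline(directory)
    return {
        "modified": sorted(n for n in baseline if n in current and current[n] != baseline[n]),
        "missing": sorted(n for n in baseline if n not in current),
        "new": sorted(n for n in current if n not in baseline),
    }


def demo():
    """Constructed sample: stand-in 'binaries' in a temp dir, one replaced after the baseline."""
    with tempfile.TemporaryDirectory() as d:
        for name, data in (("ls", b"original ls"), ("netstat", b"original netstat")):
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        baseline = build_baseline(d)  # in real use, store this off the host
        with open(os.path.join(d, "netstat"), "wb") as f:
            f.write(b"replaced netstat")  # stands in for a swapped binary
        with open(os.path.join(d, "extra"), "wb") as f:
            f.write(b"unexpected file")
        return verify(d, baseline)


if __name__ == "__main__":
    print(demo())
```

The check reads files through the running kernel, so it catches binaries replaced on disk but depends on the kernel returning the real file contents, which is the limit the quoted point about kernel modules describes.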




