[ale] Memory leak (hacked?)

David Corbin dcorbin at machturtle.com
Mon Apr 12 20:53:55 EDT 2004


On Monday 12 April 2004 17:07, Chris Ricker wrote:
> On Wed, 7 Apr 2004, Joe Knapka wrote:
> > Or, you may be hacked. A clever intruder can insert modules
> > into the kernel (which is why a public server shouldn't have
> > module load/unload enabled), and can also hide the fact that
> > he's done so. A malicious module that simply allocated
> > pages as fast as it could would cause the behavior you're
> > seeing.
>
> Common misperception, but it actually makes no difference. Even if you
> disable module loading / unloading, attackers can still insert LKMs.
> Modern linux rootkits do exactly this....

And is there anyway to detect these?

chkrootkit hasn't found anything....



More information about the Ale mailing list