Date:      Tue, 10 Dec 1996 10:19:54 -0500 (EST)
From:      "Adrian T. Filipi-Martin" <atf3r@cs.virginia.edu>
To:        Don Lewis <Don.Lewis@tsc.tdk.com>
Cc:        freebsd-security@freebsd.org
Subject:   Re: URGENT: Packet sniffer found on my system
Message-ID:  <Pine.SUN.3.90.961210101538.3334G-100000@stretch.cs.Virginia.edu>
In-Reply-To: <199612100639.WAA00847@salsa.gv.ssi1.com>

On Mon, 9 Dec 1996, Don Lewis wrote:

> 
> A trojan could have been planted in any of the binaries that root executes.
> As soon as root runs the program, it spawns a copy of the sniffer or opens
> some other hole.  You should do a comparison of all the executables vs.
> those in a fresh copy of the distribution.
> 
> Even the kernel could have been hacked to make it easy to get root access,
> though it would probably be less obvious to give bpf access to a non-root
> sniffer.

	This reminds me, has anyone considered getting a precomputed list
of MD5 signatures for all precompiled system binaries onto the
distribution CDs?  While it would not necessarily help those who recompile
world, it would still be a handy time saver.  I suppose even the scripts
to make and compare the MD5 checksums would be handy as part of the
system. 

	Adrian

adrian@virginia.edu                ---->>>>| Support your local programmer,
System Administrator                 --->>>| STOP Software Patent Abuses NOW!
NVL, NIIMS and Telemedicine Labs       -->>| For an application and information
Member: League for Programming Freedom   ->| see: http://www.lpf.org/
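
A sketch of the make-and-compare scripts discussed in this message, as an added example that is not part of the original e-mail or of the FreeBSD distribution. The function names and the sample tree are constructed for illustration, and it defaults to SHA-256 rather than MD5 (any hashlib algorithm name can be passed instead).

```python
import hashlib
import os
import tempfile

def file_digest(path, algo="sha256"):
    """Hash a file in chunks; algo is any hashlib name (e.g. "md5")."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def build_manifest(root, algo="sha256"):
    """Map relative path -> digest for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                manifest[os.path.relpath(full, root)] = file_digest(full, algo)
    return manifest

def compare(root, trusted, algo="sha256"):
    """Return (modified, missing, unexpected) paths versus a trusted manifest."""
    current = build_manifest(root, algo)
    modified = sorted(p for p in trusted if p in current and current[p] != trusted[p])
    missing = sorted(p for p in trusted if p not in current)
    unexpected = sorted(p for p in current if p not in trusted)
    return modified, missing, unexpected

def demo():
    """Constructed sample tree standing in for a system binary directory."""
    with tempfile.TemporaryDirectory() as root:
        bindir = os.path.join(root, "bin")
        os.mkdir(bindir)
        for name in ("ls", "ps", "login"):
            with open(os.path.join(bindir, name), "wb") as f:
                f.write(name.encode() + b" as shipped")
        # In practice the manifest is generated from the distribution and
        # read from media the running system cannot modify.
        trusted = build_manifest(root)
        with open(os.path.join(bindir, "login"), "wb") as f:
            f.write(b"login, altered after install")
        os.remove(os.path.join(bindir, "ps"))
        with open(os.path.join(bindir, "extra"), "wb") as f:
            f.write(b"file not in the distribution")
        return compare(root, trusted)

if __name__ == "__main__":
    print(demo())
```

The comparison is only as trustworthy as the manifest and the interpreter running it, so both should come from read-only media or a known-clean host rather than from the system being checked.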



