Date: Sat, 8 Sep 2001 05:43:41 -0400
From: "Deepak Jain" <deepak@ai.net>
To: <freebsd-security@freebsd.org>, "freebsd-hackers@FreeBSD. ORG" <freebsd-hackers@freebsd.org>
Subject: Kernel-loadable Root Kits
Message-ID: <GPEOJKGHAMKFIOMAGMDIGEHGFHAA.deepak@ai.net>

Short question: Is there a way to prevent the kernel from allowing loadable modules?

Thought process --

With the advent of the kernel-loadable root kit, intrusion detection has gotten a bit more complicated. Is there a _simple_ solution to detecting the presence of a kernel-based root kit once it is running?

Scenario: System is violated, Root kit is installed, Root kit [binaries] are deleted from the machine.

Solution: Reboot machine

How does one DETECT that the root kit is there in the first place to know to reboot it?

Thanks,

Deepak Jain
AiNET