When I get a customer who wants me to check for rootkits, I always run the program with strace... If I see that the program accesses strange /dev/xxx or other files, I'm almost sure there is a rootkit. Many rootkits just use some /dev/xxx files to hide the information that is in those files...
arne.peer@appelmoes.xs4all.be
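The check described in the post above can be scripted. The following is an added example, not code from the original poster: it reads saved strace output and reports file-related syscalls that touch /dev paths outside an expected baseline. The baseline list, the function name and the sample trace are assumptions constructed for illustration.

```python
import posixpath
import re
from fnmatch import fnmatchcase

# Assumed baseline of device nodes ordinary tools touch; tune it per system.
EXPECTED_DEV = (
    "/dev/null", "/dev/zero", "/dev/full", "/dev/tty", "/dev/console",
    "/dev/random", "/dev/urandom", "/dev/stdin", "/dev/stdout", "/dev/stderr",
    "/dev/pts/*", "/dev/tty[0-9]*",
)
# Only syscalls that take a path; a write() of the text "/dev/..." is not an access.
PATH_CALLS = {"open", "openat", "stat", "lstat", "access", "readlink",
              "newfstatat", "statx"}
# Matches e.g.  [pid 812] openat(AT_FDCWD, "/dev/xxx", O_RDONLY) = 3
LINE_RE = re.compile(
    r'^(?:\[pid\s+\d+\]\s+|\d+\s+)?'               # optional pid prefix (-f / -o)
    r'(?P<call>\w+)\('                              # syscall name
    r'[^"]*?"(?P<path>(?:[^"\\]|\\.)*)"'           # first quoted argument
    r'.*\)\s+=\s+(?P<ret>-?\d+)'                    # return value
)

# Constructed sample, in the shape produced by: strace -f -o trace.txt <program>
SAMPLE = r"""execve("/bin/ls", ["ls", "-la"], 0x7ffd0 /* 20 vars */) = 0
openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/dev/null", O_RDWR) = 3
[pid 812] open("/dev/xxx", O_RDONLY) = 4
[pid 812] stat("/dev//xxx/list", 0x7ffc2) = -1 ENOENT (No such file or directory)
write(1, "/dev/xxx\n", 9) = 9
"""

def unexpected_dev_accesses(strace_text, expected=EXPECTED_DEV):
    """Return (syscall, normalized path, succeeded) for unexpected /dev accesses."""
    hits = []
    for line in strace_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["call"] not in PATH_CALLS:
            continue
        # Normalize so "/dev//xxx" or "/dev/./xxx" cannot dodge the baseline match.
        path = posixpath.normpath(m["path"])
        if not path.startswith("/dev/"):
            continue
        if any(fnmatchcase(path, pattern) for pattern in expected):
            continue
        hits.append((m["call"], path, int(m["ret"]) >= 0))
    return hits

if __name__ == "__main__":
    for call, path, ok in unexpected_dev_accesses(SAMPLE):
        print(f"{call:10} {path:24} {'ok' if ok else 'failed'}")
```

Failed lookups are reported too, since a program probing for a /dev file that does not exist is as much worth a look as one that opens it.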