Question about Netstat

18 years 7 months ago #10265 by Rockape
Replied by Rockape on topic Re: Question about Netstat
sahirh,

You are a scary guy. I'm glad you are on our side, and share this kind of knowledge with us. Just think of the amount of damage that could be done with these rootkit things.

Is this something that hackers use, or is it just a tool you security guys play with?
18 years 7 months ago #10268 by sahirh
Replied by sahirh on topic Re: Question about Netstat
Hey rockape,
Rootkits are definitely hacker only territory. You'll be amazed how most security guys can only give you a one paragraph definition of what they are ;)

I think most Linux distributions these days come with chkrootkit which can identify a lot of rootkits.

Sysinternals also has a freeware rootkit detector for Windows.

I've never seen one of the really scary ones installed on a box in the wild -- I hope I never have to, cause cleaning that up will be a major pain! :)

If you have a test setup, install one of them and see whether you're able to detect it in any way; it's a good learning exercise. Chances are you won't ever have to deal with such a seriously compromised box, but it never hurts to know what's the sharpest thing you can get poked by.

Cheers,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
18 years 7 months ago #10275 by DaLight
Replied by DaLight on topic Re: Question about Netstat
I have used the RootkitRevealer utility from Sysinternals referred to by sahirh. However, it's never found anything yet. Is it because it's no good or there's been nothing to find? I might try deliberately infecting a test setup and testing it with RootkitRevealer as suggested.
18 years 7 months ago #10303 by Rockape
Replied by Rockape on topic Re: Question about Netstat
DaLight,

When you have tried it, let me know what happened.

Cheers
18 years 6 months ago #10945 by acidz
Replied by acidz on topic Re: Question about Netstat
Hmm.. this is very interesting.

Sahir.. you are the man.
Is this method used by backdoor viruses?

Thx


let's strive for the best
and let God do the rest
18 years 6 months ago #11143 by sahirh
Replied by sahirh on topic Re: Question about Netstat
Reference my post here:
www.firewall.cx/ftopicp-11142.html#11142

That's a good primer to rootkit technology. The parent post is extremely interesting.

This is my current research area, so I'm more than happy to carry the thread forward.

Cheers all,

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com