[Snort-users] LKM detection

Fyodor fygrave at ...121...
Fri Apr 6 13:42:29 EDT 2001


On Fri, Apr 06, 2001 at 01:02:27PM -0400, tmiller wrote:
> All,
> I just finished a paper on how to detect LKM rootkits. Here is the 
> link:http://members.prestige.net/tmiller12/papers/lkm.htm
> 
> 

You may mention this code as well. :) Was quite handy back in linux 2.0.xx times:
http://www.safenetworks.com/Linux/modules2.html

probably needs a bit of modification for linux 2.2.x and 2.4.x (haven't played with lkms on linux for ages)




More information about the Snort-users mailing list