[Snort-users] Intrusion S/W detection tools?

Chris Green cmg at ...671...
Wed Mar 21 11:03:43 EST 2001


SWilcoxon at ...1386... writes:

> A little off the subject, but I feel it's related to IDS in general so this
> could be a helpful group.
> 
> Are there any Open or Closed source tools for detecting that intruders have
> installed compromised tools, backdoors, etc. on a Linux system? I know that
> many Virus Scanners can do this for files that are considered in that
> category by the developers, but do they really cover the other tools a
> Hacker may install on a System?

http://www.vancouver-webpages.com/rkdet/ is a kernel-level project to
try and catch these and http://www.chkrootkit.org/ looks for some
common rootkits.  The latter URL has a good number of links to sites
discussing this.
-- 
Chris Green <cmg at ...671...>
This is my signature. There are many like it but this one is mine.



