
[ossec-list] Re: about the rootkit detector



Here is a pretty good description of how it works.

http://www.mail-archive.com/ossec-list@xxxxxxxxxxxxxxxx/msg01348.html

Josh

On 2/19/07, Nicolas Arias <nicolas.arias@xxxxxxxxxxx> wrote:
Hello guys.

This weekend I've received 2 alerts from a busy server about hidden
ports, both high ports.

On that server I have Oracle XE, but it shows the ports in netstat.

We have checked absolutely everything and it doesn't look bad, so I must
assume that those were false positives...

Daniel, can you shed some light on this mystery?

Can you explain how the rootkit detector works? I mean, the internals.
I will give the source code a try, but human words can help :)

Thanks!
Cheers!



--
Nicolas Arias
Security  Officer
+54 11 4109 1885
+54 9 11 5455 0055
nicolas.arias@xxxxxxxxxxx






--
Thx
Joshua Gimer


OSSEC project: www.ossec.net.
Mailing list information: http://www.ossec.net/en/mailing_lists.html.