LINUX ROOTKITS Chirk Chu Chief Security Officer University of Alaska Statewide System Information Technology Services.

Definition
● Rootkit – Software toolkit designed to hide the presence of an intruder inside a compromised system.
● Two types of rootkits: user mode and kernel mode.
● Rootkits may contain trojans, backdoors, sniffers, scanners, rootshell exploits, attack bots, IRC bots, keystroke loggers, log scrubbers and other hacking tools.

Rootkits found on UA systems
● T0rn
● MYRK
● Bobkit
● EPY
● Diablow
● Knark – KLM
● RVDA – KLM

Uncovering Rootkits
● Use chkrootkit.
● Image the system drive and examine the rootkit on a secure system of the same or similar OS.
● If not possible, then import original system binaries and/or libraries to perform the examination.
● Do not trust anything on the compromised system.
● Look for hidden files and directories.
● Look for trojans in boot-up scripts.
● Compare system binaries with distribution copies.

Preventing Rootkits
● Use network- and host-based firewalls (ipchains or iptables) and TCP Wrappers.
● Disable unused and unnecessary network services.
● Remove unused and unnecessary software packages.
● Patch the OS and applications on a regular basis.
● Stay current on security vulnerabilities.
● Compile and use a static kernel without KLM support.
● Use a host-based IDS like Tripwire.
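The two slides above (uncovering rootkits by comparing binaries with distribution copies and looking for hidden files; preventing them with a host-based IDS like Tripwire) as one added example that is not part of Chirk Chu's presentation. It is a stand-alone Python 3.7+ script with two checks: a Tripwire-style SHA-256 baseline of a directory tree that is later re-verified, and a cross-check of the names printed by `ls -a1` against the names returned directly by the readdir syscall (`os.listdir`), which is how chkrootkit-style checks spot entries that a replaced `ls` hides. The directory tree, the stand-in "trojaned" binary and the `...hidden` file are all constructed inside a temporary directory; the function names are mine.

```python
"""Added example (not from the presentation): two user-mode rootkit checks.

1. build_baseline / verify_baseline: a Tripwire-style manifest of SHA-256
   hashes that reports modified, added and removed files.
2. cross_check_listing: names the readdir syscall returns for a directory but
   a (possibly trojaned) `ls -a1` did not print, i.e. hidden entries.
"""
import hashlib
import os
import subprocess
import tempfile


def sha256_file(path):
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Return {relative_path: sha256} for every regular file under root."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and not os.path.islink(full):
                manifest[os.path.relpath(full, root)] = sha256_file(full)
    return manifest


def verify_baseline(root, baseline):
    """Compare the live tree against a stored baseline.

    Returns (modified, added, removed), each a sorted list of relative paths.
    """
    current = build_baseline(root)
    modified = sorted(p for p in baseline if p in current and current[p] != baseline[p])
    added = sorted(p for p in current if p not in baseline)
    removed = sorted(p for p in baseline if p not in current)
    return modified, added, removed


def cross_check_listing(directory, ls_output):
    """Entries os.listdir (readdir syscall) sees but the given `ls -a1` text lacks.

    On a box where the ls binary was replaced by a user-mode rootkit, these are
    exactly the files and directories the trojaned ls is hiding.
    """
    syscall_names = set(os.listdir(directory))
    ls_names = {line for line in ls_output.splitlines() if line not in ("", ".", "..")}
    return sorted(syscall_names - ls_names)


def run_ls(directory):
    """Run the system's own ls; on a clean box it agrees with os.listdir."""
    proc = subprocess.run(["ls", "-a1", directory], capture_output=True, text=True, check=True)
    return proc.stdout


def demo():
    """Constructed scenario: baseline a tiny tree, then replace one binary and
    drop a dot-dot-dot file of the kind a trojaned ls would suppress."""
    with tempfile.TemporaryDirectory() as root:
        sbin = os.path.join(root, "sbin")
        os.makedirs(sbin)
        for name in ("ls", "ps"):
            with open(os.path.join(sbin, name), "wb") as f:
                f.write(b"#!/bin/sh\n# constructed stand-in for a distribution binary\n")
        baseline = build_baseline(root)  # in practice: stored off-box, read-only

        # Simulated compromise: sbin/ls is overwritten and a hidden file appears.
        with open(os.path.join(sbin, "ls"), "wb") as f:
            f.write(b"#!/bin/sh\n# constructed stand-in for a replaced binary\n")
        with open(os.path.join(root, "...hidden"), "wb") as f:
            f.write(b"")
        modified, added, removed = verify_baseline(root, baseline)

        # Constructed output of a trojaned ls that filters the '...hidden' entry.
        fake_ls_output = ".\n..\nsbin\n"
        hidden = cross_check_listing(root, fake_ls_output)
        # The genuine ls on a clean machine hides nothing.
        clean = cross_check_listing(root, run_ls(root))
    return modified, added, removed, hidden, clean


if __name__ == "__main__":
    print(demo())
```

The listing cross-check only catches user-mode rootkits such as T0rn, which swap out `ls`, `ps` and friends; a KLM rootkit such as Knark hooks the system call itself, so `os.listdir` is lied to as well. That is the reason the slides say to image the drive and examine it from a trusted system with its own binaries, and it is also why a baseline is only worth anything if it was taken before the compromise and kept where the intruder cannot rewrite it.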

Live Demonstration
● T0rn Rootkit
● Author: Surrey, 21-year-old from Surbiton, England; arrested by Scotland Yard in September,
● Analysis available at:

Live Demonstration
● RVDA Rootkit
● It is a KLM rootkit.
● Found on a UAF CS test server running RH 7.2.
● Functions only on an unpatched kernel.
● Source code is very small.
● Romanian in origin?