what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 3 of 3 RSS Feed

Files Date: 2001-06-05

stealth-syscall.txt
Posted Jun 5, 2001
Authored by Silvio Cesare | Site big.net.au

Stealth Syscall Redirection - This article describes a technique of redirecting system calls without modifying the sys call table (implemented in Linux). This can be used to evade intrusion detection systems that use the sys call table to register redirected or trojaned system calls. The basic premise behind this attack is to modify the old system call code to jump to the new system call, thus control is transferred to the replacement system call and the sys call table is left untouched.

tags | paper, trojan
systems | linux, unix
SHA-256 | b65637f6eb6460d4d82d35adddf11e37ba7cdf38d977e6f9f161d95599528e70
Download | Favorite | View
StMichael_LKM-0.03.tar.gz
Posted Jun 5, 2001
Authored by Tim Lawless | Site sourceforge.net

StMichael is a LKM that attempts to detect and divert attempts to install a kernel-module backdoor into a running linux system. This is done by monitoring the init_module and delete_module process for changes in the system call table. This is a experimental version, and a spin off from the Saint Jude Project.

Changes: Added md5 checksums to the contents of system calls, added cloaking to hide the presence of StMichael, and its symbols. Since StMichael cause the rootkits to not work as expected, we do not want to give away any useful debugging information.
tags | kernel
systems | linux
SHA-256 | 3a46b99429e5f1bbbff87fa24b0ed3404e912a0cc93c119499d0f899367e02a6
Download | Favorite | View
ICMP_Scanning_v3.0.zip
Posted Jun 5, 2001
Authored by Ofir Arkin | Site sys-security.com

ICMP Usage in Scanning v3.0 - This paper outlines what can be done with the ICMP protocol regarding scanning. Although it may seem harmless at first glance, this paper includes details on plain Host Detection techniques, Advanced Host Detection techniques, Inverse Mapping, Trace routing, OS fingerprinting methods with ICMP, and which ICMP traffic should be filtered on a Filtering Device.

Changes: Version 3.0 introduces significant changes made to the text. Includes some host based security measures available with Linux based on Kernel 2.4.x and with Sun Solaris 8 and a snort rule base for dealing with the ICMP tricks illustrated within the text.
tags | paper, protocol
SHA-256 | 75cc3f1aca7052c3ce41ac23e57dd34c03d0762e2b433480c810bfd580de6b74
Download | Favorite | View
Page 1 of 1
Back1Next

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close