Rootkit

Rick Stevens rstevens at internap.com
Tue Oct 23 17:26:11 UTC 2007


On Tue, 2007-10-23 at 09:17 +0200, Manuel Arostegui Ramirez wrote:
> On Tuesday 23 October 2007 08:19:30 bob.smith at kolumbus.fi wrote:
> >
> > The idea was to create sort of(in some way) "encrypted and protected"
> > executables. This to be able to verify that an executable is what it
> > is(located on machine X, and compiled on machine x). Further, the
> > executable would be made so that it could not run on a system on which it
> > was not allowed to run. That was the basis of the idea. Purely theoretical.
> > How this could be achieved in reality is beyond my current knowledgebase,
> > but I am sure that someone else with more knowledge in encryption and
> > protection than me, could maybe analyse this further.
> >
> 
> A small approach to this, I mean to be sure that the executable is the one you 
> installed firstly, could be getting the filehash of all the binaries 
> installed from the beggining storing all the values in a database (outside 
> from that box) and then if you think you could be hacked, just run again the 
> filehash and compare it with the original one you got...
> 
> Again, this is an small approach, just an idea.

That's what tripwire does.

----------------------------------------------------------------------
- Rick Stevens, Principal Engineer             rstevens at internap.com -
- CDN Systems, Internap, Inc.                http://www.internap.com -
-                                                                    -
-   Errors have occurred. We won't tell you where or why.  We have   -
-                         lazy programmers.                          -
----------------------------------------------------------------------




More information about the users mailing list