Date: Fri, 14 Feb 2003 21:05:24 -0800
From: "Mooneer Salem" <mooneer@translator.cx>
To: "pura life CR" <puralifecr@hotmail.com>, <freebsd-chat@freebsd.org>
Subject: RE: Processes hiding techniques.
Message-ID: <FHEMJMOKKMJDGKFOHHEPOECDEPAA.mooneer@translator.cx>
In-Reply-To: <F60f2jIvbwwF7pONGR600019116@hotmail.com>

Hello,

Processes are represented in the kernel as struct proc. Basically, a
modified copy of ps(1) could be installed (assuming the intruder gains
root) that would hide the process. It's also possible to load a kernel
module that will hide the process. This page might help:

http://www.pimmel.com/articles/bsdkern.html

Thanks,

--
Mooneer Salem
GPLTrans: http://www.translator.cx/
lifeafterking.org: http://www.lifeafterking.org/

-----Original Message-----
From: owner-freebsd-chat@FreeBSD.ORG
[mailto:owner-freebsd-chat@FreeBSD.ORG]On Behalf Of pura life CR
Sent: Friday, February 14, 2003 8:40 PM
To: freebsd-chat@freebsd.org
Subject: Processes hiding techniques.

Hi,

I would like to know what the current process hiding techniques are that
an intruder can use in FreeBSD. I would like to know this to learn how to
deal with this situation when I become a FreeBSD admin.

For example, a user wants to run nmap, a password cracker or an IRC bot;
what can he do to hide the process so that the admin, when performing a
ps -ax, is not able to see the process?

_________________________________________________________________

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-chat" in the body of the message
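
An added example, not part of the original message or of any FreeBSD tool: a cross-view check an admin can use against the replaced-ps(1) case described in the reply, comparing the PIDs that ps lists with the PIDs the kernel answers for when sent signal 0. The function names and the MAX_PID value are assumptions; it should be run as root, and a kernel module that also filters kill(2) would not be caught by it.

```python
import os
import subprocess

MAX_PID = 99999  # assumption: FreeBSD's default upper bound for PIDs

def parse_ps_pids(ps_output):
    """Return the PIDs found in `ps -ax -o pid` output, skipping the header."""
    pids = set()
    for line in ps_output.splitlines():
        fields = line.split()
        if fields and fields[0].isdigit():
            pids.add(int(fields[0]))
    return pids

def run_ps():
    """View 1: whatever the installed (possibly replaced) ps(1) reports."""
    return subprocess.run(["ps", "-ax", "-o", "pid"], capture_output=True,
                          text=True, check=True).stdout

def pid_exists(pid):
    """View 2: ask the kernel directly; signal 0 only checks for existence."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:  # ESRCH: no such process
        return False
    except PermissionError:     # EPERM: exists, owned by another user
        return True
    return True

def hidden_pids(max_pid=MAX_PID, list_ps=run_ps, probe=pid_exists):
    """Return PIDs that answer signal 0 but appear in neither ps snapshot.

    ps is sampled before and after the probe so that processes which start
    or exit during the scan do not normally show up as false positives.
    """
    before = parse_ps_pids(list_ps())
    alive = {pid for pid in range(1, max_pid + 1) if probe(pid)}
    after = parse_ps_pids(list_ps())
    return sorted(alive - before - after)

if __name__ == "__main__":
    for pid in hidden_pids():
        print("answers signal 0 but is not listed by ps:", pid)
```

On Linux, thread IDs also answer signal 0, so the same comparison there would report them as false positives.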