Anthony Lineberry on /dev/mem Rootkits

Rootkits using /dev/mem could attack your system and leave virtually no trace—it even could be happening now!

Mick Bauer (darth.elmo@wiremonkeys.org) is Network Security Architect for one of the US's largest banks. He is the author of the O'Reilly book Linux Server Security, 2nd edition (formerly called Building Secure Servers With Linux), an occasional presenter at information security conferences and composer of the “Network Engineering Polka”.

______________________

Comments

Nice article! One thing though:
AFAIK, Linux doesn't have a /dev/eth0.
It's internally done through sockets rather than device files.

Sören