Name : unhide
Version : 20110113
Vendor : Mandriva
Release : 1
Date : 2011-02-08 20:59:53
Group : System/Configuration/Other
Source RPM : unhide-20110113-1.src.rpm
Size : 0.05 MB
Packager : Jani Välimaa < wally_mandriva_org>
Summary : Tool to find hidden processes and TCP/UDP ports from rootkits
Description :
Unhide is a forensic tool that finds processes and TCP/UDP ports hidden by rootkits, LKMs or other hiding techniques. It includes two utilities: unhide and unhide-tcp.
Unhide detects hidden processes using six techniques:
- Compare /proc against /bin/ps output.
- Compare info gathered from /bin/ps with info gathered by walking through procfs.
- Compare info gathered from /bin/ps with info gathered from syscalls (syscall scanning).
- Full PID-space occupation (PID brute-forcing).
- Reverse search: verify that every thread seen by ps is also seen by the kernel (/bin/ps output vs /proc, procfs walking and syscalls).
- Quick compare of /proc, procfs walking and syscalls against /bin/ps output.
Unhide-tcp identifies TCP/UDP ports that are listening but are not listed by /bin/netstat, by brute-forcing all available TCP/UDP ports.
RPM found in directory: /vol/rzm6/linux-mandriva/official/2011/i586/media/contrib/release
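The cross-checks in the description are easier to see in code. What follows is an added example written for this page in Python 3.7+ for Linux; it is not unhide's code (unhide itself is C) and not part of the Mandriva package. It assumes procps `ps` and net-tools `netstat` are on PATH, uses `ps -eL` so thread ids (LWPs) are part of the userland view because kill(tid, 0) answers for threads as well as processes, and adds a second look at each candidate so a task that started or exited between two scans is not reported; that recheck is this example's own design, as is comparing probed ports against every socket `netstat -tan` lists rather than listeners only, since a connected socket also makes bind() fail for its local port. The netstat sample is constructed for the parser. Ports below 1024 need root (the kernel returns EACCES before EADDRINUSE), and the PID-space loop takes a few seconds when pid_max is 4194304.

```python
import errno
import os
import socket
import subprocess

def tids_from_procfs():
    """Kernel view 1, procfs walking: PIDs in /proc plus thread ids in /proc/<pid>/task."""
    seen = set()
    for d in os.listdir("/proc"):
        if d.isdigit():
            seen.add(int(d))
            try:
                seen.update(int(t) for t in os.listdir(f"/proc/{d}/task") if t.isdigit())
            except OSError:
                pass  # task exited while we were looking
    return seen

def task_exists(pid):
    """kill(pid, 0): ESRCH means no task; success or EPERM means a task (or
    thread, since Linux resolves thread ids too) exists, hidden or not."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True
    return True

def tids_from_syscalls(max_pid=None):
    """Kernel view 2, PID-space brute force: ask the kernel about every possible PID."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as fh:
            max_pid = int(fh.read())
    return {pid for pid in range(1, max_pid + 1) if task_exists(pid)}

def tids_from_ps():
    """Userland view: PIDs and thread ids (LWPs) as /bin/ps reports them."""
    out = subprocess.run(["ps", "-eL", "-o", "pid=", "-o", "lwp="],
                         capture_output=True, text=True, check=True).stdout
    return {int(tok) for tok in out.split()}

def compare_views(kernel_view, ps_view):
    """(hidden, ghosts): hidden = kernel sees it, ps does not (the rootkit case);
    ghosts = ps lists it, kernel does not (unhide's reverse search)."""
    return set(kernel_view) - set(ps_view), set(ps_view) - set(kernel_view)

def recheck(tid):
    """Second look at a candidate so a task that started or exited between the
    two scans is not reported. Returns (kernel_sees_it, ps_lists_it)."""
    return task_exists(tid), tid in tids_from_ps()

# Constructed sample of `netstat -an` output for the parser below.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp6       0      0 :::22                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""

def parse_netstat_ports(netstat_output, proto="tcp"):
    """Local ports netstat lists for one protocol ("tcp" also matches tcp6)."""
    ports = set()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0].startswith(proto):
            ports.add(int(fields[3].rsplit(":", 1)[1]))
    return ports

def port_in_use(port, proto=socket.SOCK_STREAM):
    """The probe: bind() the wildcard address to the port. EADDRINUSE means some
    socket owns it, listed or not. Ports below 1024 need root (EACCES otherwise)."""
    with socket.socket(socket.AF_INET, proto) as s:
        try:
            s.bind(("", port))
            return False
        except OSError as e:
            if e.errno == errno.EADDRINUSE:
                return True
            raise

def hidden_ports(listed, candidates, proto=socket.SOCK_STREAM):
    """Ports the bind() probe says are taken but netstat did not list."""
    return {p for p in candidates if p not in listed and port_in_use(p, proto)}

if __name__ == "__main__":
    kernel = tids_from_procfs() | tids_from_syscalls()  # seconds for pid_max of 4M
    hidden, ghosts = compare_views(kernel, tids_from_ps())
    for tid in sorted(hidden):
        if recheck(tid) == (True, False):
            print(f"hidden task: {tid}")
    for tid in sorted(ghosts):
        if recheck(tid) == (False, True):
            print(f"ghost task (ps only): {tid}")
    ns = subprocess.run(["netstat", "-tan"], capture_output=True, text=True).stdout
    for port in sorted(hidden_ports(parse_netstat_ports(ns), range(1, 65536))):
        print(f"hidden tcp port: {port}")
```

Run it as root for full coverage. A task that survives the recheck as (True, False) is exactly what the package description calls a hidden process: the kernel answers for it, ps does not. The probe side works the same way for UDP by passing socket.SOCK_DGRAM and parsing netstat's udp lines.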