response to responses about `rootkit'
Darren Reed (darrenr@cyber.com.au)
Tue, 2 Jul 1996 19:20:06 +1000 (EST)
In response to those who said it was old stuff, and off web pages, yes, it is
just that. Maybe I should have just posted URL's and pointed people there,
but the scariest part was finding this stuff so easily on the WWW. I'd like
to encourage everyone to post URL's (quite a few turned up in the collective
responses) as they find them and/or cache anything relevant (in case it closes
down or similar).
I guess the only reason that I posted it was that there is little communication
between those of us who think we're white hats and Mark Graff's posting some
time ago sparked quite a deal of interest. Whilst there may not have been
anything new for some people, or the content werid, I didn't do any sort of
preprocessing before gzip'ing it (including check .zip's, etc) but perhaps
should have included URL's. As for calling it "rootkit", I didn't spend much
time thinking of a name. Yes, I've written some "interesting" programs to see
how things work on my systems and have given them out to various people.
What's more, I'm sure there are other bits and pieces which I've collected
over the years (definately not anything fantastic and probably very lame in
comparison to anything people would have if they've caught a hacker moving
it around or similar) which would interest people but transferring stuff
from home is just too much hassle.
I'm sorry if anyone was disappointed in what I managed to collect, I had no
idea what was "out there" before I looked and I'm sure there are others who
likewise don't know (for whatever reason).
cheers,
darren