
Root kit

From open-encyclopedia.com - the free encyclopedia.

A root kit is a set of tools used after cracking a computer system. The tools hide logins, processes, and logs, and usually also sniff terminals, connections, and the keyboard. In many sources root kits are counted as trojan horses.


The name "root" kit comes from the fact that it originally referred to a set of recompiled Unix tools such as "ps", "netstat", "w" and "passwd" that would carefully hide any trace of the cracker that those commands would normally display; the cracker could thus maintain "root" on the system without the system administrator even seeing them. Rootkits come in two different flavours: kernel-level and application-level kits. The idea of kernel-level rootkits is to replace system calls with trojaned binaries. With application-level rootkits, regular application binaries are replaced with trojaned fakes.


The term is no longer restricted to Unix-based operating systems: tools that perform a similar set of tasks now exist for non-Unix operating systems, even though they may not have a "root" account.
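A recompiled "ps" of the kind described above can be caught by comparing what it reports with the kernel's own process list. The following is an added example, not part of the original article: a cross-view check in Python that assumes a Linux system with /proc mounted; all function names and the sample data are hypothetical and constructed for illustration.

```python
import os
import subprocess

def parse_ps_pids(ps_output):
    """Extract PIDs from `ps -e -o pid=` output (one PID per line)."""
    return {int(tok) for tok in ps_output.split() if tok.isdigit()}

def list_proc_pids(proc_root="/proc"):
    """PIDs according to the kernel's /proc view (numeric directory names)."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}

def hidden_pids(proc_before, ps_pids, proc_after):
    """PIDs seen in /proc both before and after the ps run, yet not listed by ps.

    Requiring both snapshots filters out processes that merely started or
    exited while ps was running, which would otherwise be false positives.
    """
    return sorted((proc_before & proc_after) - ps_pids)

def scan(ps_path="ps"):
    """Run the cross-view check against the live system."""
    before = list_proc_pids()
    out = subprocess.run([ps_path, "-e", "-o", "pid="],
                         capture_output=True, text=True, check=True).stdout
    after = list_proc_pids()
    return hidden_pids(before, parse_ps_pids(out), after)

# Constructed sample: PID 1337 is alive in both /proc snapshots but missing
# from the ps output; 1400 exited and 1501 started during the ps run.
SAMPLE_PS_OUTPUT = "    1\n  412\n  980\n 1501\n"
SAMPLE_PROC_BEFORE = {1, 412, 980, 1337, 1400}
SAMPLE_PROC_AFTER = {1, 412, 980, 1337, 1501}

if __name__ == "__main__":
    sample = hidden_pids(SAMPLE_PROC_BEFORE,
                         parse_ps_pids(SAMPLE_PS_OUTPUT),
                         SAMPLE_PROC_AFTER)
    print("constructed sample, hidden PIDs:", sample)
    if os.path.isdir("/proc/1"):
        print("live system, hidden PIDs:", scan())
```

This check only covers the application-level case: a kernel-level kit can falsify the /proc listing as well, so an empty result does not prove the system is clean.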

See also: Host-based intrusion-detection system

Copyright © 2003-2004 Zeeshan Muhammad. All rights reserved. Legal notices. Part of the New Frontier Information Network.