Kernel-Level RootKits (cont.)
• File Hiding
  – Attacker can hide specific subdirectories and files
• Process Hiding
  – Attacker can be running a Netcat listener, but the kernel will not report its existence to ps
• Network Hiding
  – Attacker can tell the kernel to lie to netstat about the network port being used by a backdoor program
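Added example (not from the original slides): a cross-view check for the process-hiding case on Linux, comparing the PIDs that answer signal 0 against the PIDs listed in /proc, which is the view ps reads. The function names and the two-pass recheck are choices made for this sketch.

```python
import os

def pid_alive(pid):
    """True if the kernel accepts signal 0 for pid, i.e. the task exists."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:
        return True  # exists but belongs to another user
    return True

def listed_pids(proc="/proc"):
    """PIDs returned by listing /proc, the view that ps is built on."""
    return {int(name) for name in os.listdir(proc) if name.isdigit()}

def is_thread(pid, proc="/proc"):
    """True if pid is a non-leader thread ID; those never appear in a /proc listing."""
    try:
        with open(f"{proc}/{pid}/status") as fh:
            for line in fh:
                if line.startswith("Tgid:"):
                    return int(line.split()[1]) != pid
    except (OSError, ValueError):
        pass
    return False

def hidden_pids(candidates, lister=listed_pids, passes=2):
    """PIDs that answer signal 0 but are missing from the listing in every pass.

    Repeating the comparison drops processes that merely started or exited
    between the two views.
    """
    suspects = set(candidates)
    for _ in range(passes):
        listing = lister()
        suspects = {p for p in suspects
                    if pid_alive(p) and p not in listing and not is_thread(p)}
    return sorted(suspects)

if __name__ == "__main__":
    with open("/proc/sys/kernel/pid_max") as fh:
        pid_max = int(fh.read())
    for pid in hidden_pids(range(1, pid_max)):
        print(f"PID {pid} exists but is not listed in /proc")
```

Both views still pass through the running kernel, so an empty result does not prove the host is clean; a rootkit that also filters kill() defeats this probe.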