Skip to content

elefr3n/linux_tcp_connection_hider

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
Capture.PNG
Capture.PNG
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
ftrace_helper.h
ftrace_helper.h
 
 
rootkit.c
rootkit.c
 
 

Repository files navigation

linux_tcp_connection_hider

kernel rootkit module to hide connections from attacker ip (ssh, reverse shells, etc...).

Base source

The base source of this code is from Xcellerator/linux-kernel-hacking project, a kernel module to hide connections of certain tcp port, I have addapted the code adding a function and remove/edit some lines in the kernel hooked function to hide connections from an attacker ip address and not from tcp port connection as the original base source do.

How to use

  • Edit the IP_ADDRESS_TO_HIDE variable in rootkit.c file at line 10
  • Build with make
  • Load with insmod rootkit.ko
  • At this moment any tcp connection from/to the attacker ip dissapear in "netstat" output command

Capture

About

Kernel module to hide tcp connections from an attacker ip address

Resources

Readme
Activity

Stars

11 stars

Watchers

1 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages