April 4, 2001

Rackspace remembers the Alamo, fights Knark

Author: JT Smith

- By Dan Berkes -

Chicago -- There are a few good security-minded sites and organizations in the Open Source world, but until today, Rackspace wasn't widely known as one of them. All of that changed this morning when the Web hosting service announced the release of a tool designed to reverse the effects of Knark, a rather annoying tool frequently used by crackers.Knark is a type of Trojan Horse program known as a rootkit. It's a loadable kernel module that, when inserted by an unauthorized visitor, will not only hide itself, but any other files and directories at the discretion of its handler, as well as any outgoing or incoming TCP or UDP connections. With this ability to cover any intrusion and cloak an ongoing security breach, Knark is a major headache for system administrators.

For Rackspace, Knark was much more than a simple headache, but a nightmare waiting to happen. The company made a name for itself by offering Linux-based hosting, and boasts more than 2,000 Linux servers in its San Antonio, Texas, data center.

Marketing manager Madel Robles said that discovering a way to counter Knark was just routine business for Rackspace. "Our product development team is always looking into anything that might be an issue for the servers," she said from the Comdex show floor.

The solution to the problem is a small program created by Rackspace developer Kelley Spoon. Once applied, everything hidden by Knark comes back into view, allowing a system administrator to perform a security audit to determine if a system has been compromised.

While Alamo can't completely counter what Knark does, it will provide system administrators with enough useful information, said Spoon. Anyone who wants to build on the foundation of Alamo is free to do so -- the program is, of course, released as Open Source and complete with code.

The release of Alamo is a first for Rackspace, and most likely a first for all Web hosting companies, said Robles. "I think we've probably rolled out fixes and patches in the past, especially for our own servers. As far as I know, this is the first time we've made something like this available to the public."

NewsForge editors read and respond to comments posted on our discussion page.


  • Linux
Click Here!