[LWN Logo]
[LWN.net]
From: Elizabeth Anderson <eanderson@Springbok.com>
To: "'letters@lwn.net'" <letters@lwn.net>
Subject: Alamo battles Knark
Date: Wed, 4 Apr 2001 12:03:56 -0500 


FOR IMMEDIATE RELEASE

For more information, please contact:
Lew Moorman				or		Elizabeth Anderson
Rackspace Managed Hosting				Springbok
Technologies, Inc.
(210) 892-4000						(972) 480-9458, x172
lmoorman@rackspace.com 				eanderson@springbok.com


Rackspace Releases Knark Antidote to Linux Community

World's Largest Linux Web Hoster Develops "Alamo"
 to Battle Deadly Cracker Weapon

SAN ANTONIO - April 4, 2001 - Rackspace Managed Hosting, a leading provider
of managed Internet hosting services, today announced the release of
"Alamo," a solution to Knark, which is a lethal weapon in the Linux computer
hacker's arsenal.

Knark is a type of cracking weapon often referred to as a Trojan horse - a
program that hides malicious or harmful code inside seemingly harmless data.
Knark is used by hackers to cover their tracks, making it virtually
impossible to detect any kind of malicious activity until it is too late.
After infiltrating the server, a hacker can insert Knark into the deepest
level of the Linux operating system and use it to shoot down any attempts at
discovery.

As Knark is virtually undetectable while a computer is running, the problem
poses a serious threat to computer security, particularly for servers that
need to be up and running constantly. The only way to detect whether or not
Knark is being used is to take the system offline and perform an "autopsy"
on the drive. If the system is mission-critical, however, taking a server
down may not be a viable option.

Rackspace, which currently manages more than 3,000 customers' servers and
over 2,000 Linux Servers in its Texas data center, is concerned about the
problem and has decided to release a solution to the Linux open source
community for further development.   The solution, called "Alamo," cleverly
uses some of Knark's tricks against it. Once applied to a system or server,
Alamo reveals all of the files that Knark has "hidden," enabling the system
administrator to determine whether or not the system has been compromised.

Although the first to admit that his solution is only a partial one, the
Rackspace employee who developed the code explained that there still is no
reliable way to detect Knark.

"Alamo can level the playing field a little and give the system
administrator a chance to look around the system without taking a
mission-critical server offline," said Kelley Spoon, a Linux system
developer for Rackspace.

"We support a number of operating systems at Rackspace, but the majority of
our customers have Linux servers, which are vulnerable to Knark attacks,"
said Richard Yoo, chief technology officer of Rackspace. "As the largest
managed server provider for Linux, we believe it is our duty to release the
source code for Alamo so we can work with the open source community to
develop a complete solution to this problem."

Alamo source code can be downloaded at no cost from the Rackspace Web site
at http://www.rackspace.com/alamo.

About Rackspace Managed Hosting
Rackspace Managed Hosting provides its customers with full-service hosting
solutions, including state-of-the-art data centers, customized Internet
servers, burstable connectivity, server software and 24 x 7 expert
management. With Rackspace's SmoothScaling capabilities, Web developers,
e-businesses and application service providers can add bandwidth or server
capacity on demand. Monthly fees range from $300 to $50,000 per month,
depending on the complexity of the server architecture. The company, which
was founded in 1998, has locations in Texas and London and currently manages
more than 3,100 servers for customers in more than 40 countries. Rackspace
was recently named the Top Dedicated Server Company in Web Server List's
Hosting Awards and voted the Top Dedicated Server Host by
WebHostMagazine.com. For more information, visit www.rackspace.com, or call
800-961-2888.


# # #