find the information about a host with the DNS retrieving system calls, such as gethostbyname() and gethostbyaddr().
(2) All the required information are in the hostent structure.
(3) All the aliases and IP addresses of the host is stored in the hostent structure using linked list (鏈表).
The tool presented below tries to detect from remote if the target machine was compromised with the HACKER Defender rootkit. The tool connect to the remote host, and compares the reply to several known replies. The rootkits that can be detected by the tool are: HACKER Defender v1.0.0 and below.
