Bugtraq mailing list archives
Re: Hijacking tool
From: john () hillnet com (John Evans)
Date: Tue, 24 Jan 1995 18:43:23 -0800 (PST)
On Tue, 24 Jan 1995, Jim Duncan wrote:
Eric Conrad writes:The measures described to prevent this (disabling loadable kernel modules) seem pointless -- if the attackers have root, they can rebuild the kernel to do anything they want.Hacker's don't reboot -- it generates too much attention. They are much happier to use kernel-loadable modules and keep quiet.
Sorry, I'm going to have to say that this only holds true a very small amount of the time. If you're dealing with your run-of-the-mill, every-day hacker, and they have either a very specific reason for being on your system, or no specific reason (i.e. they don't care how long they are there, as long as they get in, and out) then they won't care if they reboot a machine, or 5. Especially if they know that no matter how many people it alerts, no matter how fast, it'll let them get what they want. - John
Current thread:
- Re: Hijacking tool, (continued)
- Re: Hijacking tool Paul Ferguson (Jan 24)
- Re: Hijacking tool Casper Dik (Jan 24)
- Re: Hijacking tool Alec Muffett (Jan 24)
- Re: Hijacking tool Alan Hannan (Jan 24)
- Re: Hijacking tool bmanning () isi edu (Jan 24)
- Re: Hijacking tool Scott D. Yelich (Jan 25)
- Re: Hijacking tool Casper Dik (Jan 24)
- Re: Hijacking tool Paul Ferguson (Jan 24)
- Re: Hijacking tool Oliver Friedrichs (Jan 24)
- Re: Hijacking tool Oliver Friedrichs (Jan 24)
- Re: Hijacking tool Eric Conrad (Jan 24)
- Re: Hijacking tool Jim Duncan (Jan 24)
- Re: Hijacking tool John Evans (Jan 24)
- Re: Hijacking tool Darren Reed (Jan 23)
- CIAC Advisory F-08: IP Address Spoofing and Hijacked Session Attacks (fwd) Mark Crother (Jan 23)
- Anti Hijacking tools Pete Shipley (Jan 27)
- Re: Anti Hijacking tools jsz (Jan 28)
- Re: Anti Hijacking tools Karl Strickland (Jan 28)
- Re: Anti Hijacking tools Darren Reed (Jan 28)