Re: Promiscuous interface hacks?

[Paul Schmehl <pauls () utdallas edu>]

Thanks Matt.  What I'm trying to grasp is not whether or not the bo would 
work, but whether the attacker could then gain control of the box.  I can 
see how the bo would work, because snort is going to process the packets 
regardless of what is in them.

But once the bo is exploited, even if a root shell is obtained, how does 
the attacker then "get to" that shell?  Since there's no IP associated with 
it, I'm having trouble understanding how the attacker could then proceed to 
exploit the box.

--On Thursday, May 01, 2003 06:33:50 PM -0400 Matt Kettler 
<mkettler () evi-inc com> wrote:

> The fact that the interface is in promisc mode is more-or-less irrelevant
> to an attack involving buffer overflows, format strings, off-by-ones, and
> other memory-corruption-to-execute code style attacks.

Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users