Out of curiosity, what was the situation around a hacker actively arp
spoofing on your net targetting your boxes? It takes a certain level of
sophistication to set up a DNS server, the necassary port forwards from
the "router", and the trojan file server for the package. I have always
espoused that security should be balanced with the potential motivation
for a skilled hacker to target you, why did a hacker target you? Note that
I am not saying using the dsniff package or even manually sending the
arp replies takes skill but it does (AFAIK) take a human.

On Wed, 18 Jan 2006, Sergiy Michka wrote:

> Alexander Klimov schrieb:
>> On Tue, 17 Jan 2006, Benson, Sean M wrote:
>>
>> > Should you run an anti-virus on linux for non-work issues?
>> > (Just home Workstations, Laptops, etc.. not mail servers.)
>>
>>
>> Just answer the following question: have you ever seen a virus which
>> has infected your linux box? If the answer is no (and I guess this is
>> the case) then it is pointless to install an anti-virus for internal
>> use.
>>
>
> I didnt had any virus on my linux boxes but I got a rootkit vie arp spoofing
> from internal network on 2 debian boxes (ignored the warning from apt-get,
> that the checksum from one package was wrong.. after that I got SIGSEGV with
> aptitude and got kernel based rootkit installed).
>
> Maybe it wouldnt happen to me, if I would have a good and working Antivir on
> the boxes or would have more brain to stop installation from such one
> package..
>

[ reply ]