Jon Lasser, 2001-07-25
Rootkits help hackers play hide-and-seek.
LOVE YOU MAN!!!
2001-07-25
elliptic (5 replies)
Ports
2001-07-26
Zer0
The best thing to do is to shut off sshd & in.telnetd type daemons. Only run what you need. I've never run telnet visible to the outside. I leave it bound to a specific interface behind IP_MASQ. Because of TCP/IP itself, it is impossible to break that, unless there is a bug present in the OS, or so...
Fuq1n l0zer
2001-07-26
gr4nd 1nqu1z1t0r (1 replies)
u kn0w n0th1ng 4b0ut c0unt3r 1nt3ll1g3nc3, ur n0th1ng bu+ 4n elektr0n m0nk3y. t3ll1ng pe0pl3 th4t f1r3w4llz w1ll pr0tekt th3m, i supp0ze ull alz0 try t0 t3ll m3 th4t VPNz r a g00d th1ng, r1ght? 1f ur g0ing t0 b3 c0nd3sc3nd1ng t0w4rdz th3 cl00l3zz 4dm1nz 1n ur 0wn c0mp4ny, 4tl34s+ pr3t3nd u kn0w wh...
great article.
2001-08-05
Gonçalo Gomes
Good article, but nowadays most "script kiddies" have known of systems like tripwire. It is quite easy to change / remove a tripwire-like system, or even change its database. I don't think tripwire would be the best solution; you have a lot of others, and tripwire has a strict license and is damn slow....
what about strace
2001-08-10
arne.peer@appelmoes.xs4all.be
Hi,
When I get a customer who wants me to check for rootkits, I always run the program with strace... If I see that the program accesses strange /dev/xxx or other files, I'm almost sure there is a rootkit. Many rootkits just use some /dev/xxx files to hide the information that is in those files.....
You may already be hacked - by a script?
2002-01-08
Anonymous
Greetings.
I recently put together a box for running an IP chains-based Linux firewall.
Being rather naive about how rapidly the system could get hacked, I opened an Internet-facing interface for testing purposes. The system was compromised in less than 24 hours! And get this - I was logged in...

If ONLY you knew how many times I've heard the exact same thing. Way to tackle this issue! I only wish there was a way of sharing my frustration with the ignorant morons working in the likes of places like uunet and other large providers, who regularly deny *their* systems ...