Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com

Neohapsis > Archives > Bugtraq> 1995_1

Bugtraq archives for 1st quarter (Jan-Mar) 1995: Re: Hijacking tool

Re: Hijacking tool

Jim Duncan (jimmath.psu.edu)
Tue, 24 Jan 1995 17:34:17 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jim Duncan: "Re: Router filtering not enough! (Was: Re: CERT advisory )"
Previous message: Patrick Horgan: "Re: Hijacking tool"
In reply to: Eric Conrad: "Re: Hijacking tool"
Next in thread: John Evans: "Re: Hijacking tool"

Eric Conrad writes:
> The measures described to prevent this (disabling loadable kernel 
> modules) seem pointless -- if the attackers have root, they can 
> rebuild the kernel to do anything they want. 

Hacker's don't reboot -- it generates too much attention.  They are much
happier to use kernel-loadable modules and keep quiet.

This is one reason I hated the idea of kernel-loadable modules when they
were introduced.  But everything has its good and bad effects.

	Jim

Next message: Jim Duncan: "Re: Router filtering not enough! (Was: Re: CERT advisory )"
Previous message: Patrick Horgan: "Re: Hijacking tool"
In reply to: Eric Conrad: "Re: Hijacking tool"
Next in thread: John Evans: "Re: Hijacking tool"