Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
Bugtraq archives for 1st quarter (Jan-Mar) 1995: Re: Hijacking tool

Re: Hijacking tool

Jim Duncan (jimmath.psu.edu)
Tue, 24 Jan 1995 17:34:17 -0500

Eric Conrad writes:
> The measures described to prevent this (disabling loadable kernel 
> modules) seem pointless -- if the attackers have root, they can 
> rebuild the kernel to do anything they want. 

Hacker's don't reboot -- it generates too much attention.  They are much
happier to use kernel-loadable modules and keep quiet.

This is one reason I hated the idea of kernel-loadable modules when they
were introduced.  But everything has its good and bad effects.