Subject: Re: [lids] Re: Secure Linux Distro (fwd)
From: Antonomasia (antnotatla.demon.co.uk)
Date: Fri May 05 2000 - 13:14:54 CDT


"Dustin D. Trammell" <dtrammellcautech.com>:

> TV> .... this is definitely
> TV> an area where the lines between breaking into a system and defending it
> TV> start to blur. :)

> Definitely. Defined process hiding is a common component in many root
> kits allowing intruders to (attempt to) stay hidden. If the admin or
> daemons that are watching for intruders are also hidden,

Lance Spitzner is running honeypots where some subtle changes are in place.
We've been discussing code fragments and mentioned rootkit-like features.
I'm not sure he's hidden any files or processes yet, but he has got inventive
ways to observe intrusions, and they're going to improve soon.

http://www.enteract.com/~lspitz/papers.html

That reminds me, if anyone knows a sploit for wu-ftpd 2.4-17 I'd like to
have it, otherwise I may have to deduce it from diffs. Only v2.5
had widely distributed sploits, as it seems to me.

--
##############################################################
# Antonomasia   antnotatla.demon.co.uk                      #
# See http://www.notatla.demon.co.uk/                        #
##############################################################