[2002] in linux-security and linux-alert archive
[linux-security] Re: Different Forms of attack...
daemon@ATHENA.MIT.EDU (Annex)
Sun Jul 19 02:53:34 1998
Date: Sat, 18 Jul 1998 18:01:55 +0600 (BGT)
From: Annex <annex@thing.annexgrp.org>
To: Urmane Hendrake <urmane@urmane.org>
cc: linux-security@redhat.com
In-Reply-To: <19980714122319.1935.qmail@niemiraj-1.soho.enteract.com>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com
On Tue, 14 Jul 1998, Urmane Hendrake wrote:
| >is there anywhere.... a description on what to expect or what happens
| >during any one of these or other attacks listed somewhere? If so, could
check your logs closely.. all the time... but don't trust it all the
time:)
| go to rootshell.com, download the RootKit, and look through the source
| code - it's extremely educational. Nutshell version: with a simple "make
| install", an attacker with root privs can replace a whole slew of binaries
does 'make install' take care of the file date/size? if not.. a command
like this would be good enough to find out:
    find / -cmin -1440
which will print out the names of all files whose status was changed within
the last 1440 minutes..
| you'll never know they're there. (I happened to notice because my login
| prompt changed from hostname to FQDN - but almost shrugged it off).
remember... if you notice something... no matter how insignificant it
seems... dig it!
---
Shuman <annex@thing.annexgrp.org>
Annex Group, Bangladesh http://www.annexgrp.org/hr
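What `find / -cmin -1440` keys on, as an added example that is not part of the original message: ctime is updated by the kernel whenever a file's contents or metadata change and cannot be set with `touch`, so a replaced file whose modification time was backdated still shows up. The temp directory, the file name `login` and the function names are constructed for the demo, and it assumes a `find` that supports `-cmin`/`-mmin` (GNU findutils).

```shell
#!/bin/sh
# Added example: constructed files in a temp dir; nothing outside it is touched.
# Compares an mtime-based search with the ctime-based search from the message.

# recently_changed DIR MINUTES
# Files whose inode status (ctime) changed within the last MINUTES minutes.
# The kernel sets ctime on every write, chmod, chown, rename or timestamp
# change; touch cannot set it to a chosen value.
recently_changed() {
    find "$1" -xdev -type f -cmin "-$2" 2>/dev/null | sort
}

# recently_modified DIR MINUTES
# Same window, but using mtime, which the file's owner can set freely.
recently_modified() {
    find "$1" -xdev -type f -mmin "-$2" 2>/dev/null | sort
}

# demo: replace a stand-in binary, backdate its mtime, then run both searches
# over the last 1440 minutes and report how many files each one finds.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'original\n' > "$dir/login"      # stand-in for a system binary
    printf 'replaced\n' > "$dir/login"      # contents replaced
    touch -t 199701010000 "$dir/login"      # mtime backdated to look old
    by_mtime=$(recently_modified "$dir" 1440 | wc -l | tr -d ' ')
    by_ctime=$(recently_changed  "$dir" 1440 | wc -l | tr -d ' ')
    rm -rf "$dir"
    echo "mtime_hits=$by_mtime ctime_hits=$by_ctime"
}

demo
```

Since a rootkit of the kind quoted above replaces system binaries, run the check with a `find` taken from known-good media.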