[2002] in linux-security and linux-alert archive


[linux-security] Re: Different Forms of attack...

daemon@ATHENA.MIT.EDU (Annex)
Sun Jul 19 02:53:34 1998

Date: Sat, 18 Jul 1998 18:01:55 +0600 (BGT)
From: Annex <annex@thing.annexgrp.org>
To: Urmane Hendrake <urmane@urmane.org>
cc: linux-security@redhat.com
In-Reply-To: <19980714122319.1935.qmail@niemiraj-1.soho.enteract.com>
Resent-From: linux-security@redhat.com
Resent-Reply-To: linux-security@redhat.com

On Tue, 14 Jul 1998, Urmane Hendrake wrote:
| >is there anywhere.... a description on what to expect or what happens
| >during any one of these or other attacks listed somewhere?  If so, could

check your logs closely.. all the time... but don't trust it all the
time:)

| go to rootshell.com, download the RootKit, and look through the source
| code - it's extremely educational.  Nutshell version: with a simple "make
| install", an attacker with root privs can replace a whole slew of binaries

does 'make install' take care of the file date/size? if not.. a command
like this would be good enough to find out:

find / -cmin -1440

which will print out the name of all files whose status was changed within
last 1440 minutes..

| you'll never know they're there.  (I happened to notice because my login
| prompt changed from hostname to FQDN - but almost shrugged it off).

remember... if you notice something... no matter how insignificant it
seems... dig it!

---
Shuman					<annex@thing.annexgrp.org>

Annex Group, Bangladesh			http://www.annexgrp.org/hr

-- 
----------------------------------------------------------------------
Please refer to the information about this list as well as general
information about Linux security at http://www.aoy.com/Linux/Security.
----------------------------------------------------------------------

To unsubscribe:
  mail -s unsubscribe linux-security-request@redhat.com < /dev/null
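
The difference between the `-cmin` test in the message above and the more familiar `-mmin`, as an added example that is not part of the original post: the script builds a constructed temp directory (the file names `fresh` and `backdated` and the function names are illustrative), sets one file's modification time back with `touch -t`, and shows that the ctime-based check still lists it.

```shell
#!/bin/sh
# Added example, not from the original post. All paths are throwaway temp files.
WINDOW=1440   # minutes, the same window as the command in the post

# Files whose inode status changed within the window (the post's check).
changed_recently() {
    find "$1" -xdev -type f -cmin -"$WINDOW" 2>/dev/null
}

# Files whose modification time falls within the window.
modified_recently() {
    find "$1" -xdev -type f -mmin -"$WINDOW" 2>/dev/null
}

# Triage subset: ctime is recent but mtime is older than the window.
ctime_mtime_mismatch() {
    find "$1" -xdev -type f -cmin -"$WINDOW" ! -mmin -"$WINDOW" 2>/dev/null
}

# Constructed sample: one file written now, and one written now and then
# given a 1 Jan 1998 modification time with touch -t.
make_sample() {
    d=$(mktemp -d) || return 1
    echo "fresh" > "$d/fresh"
    echo "replaced" > "$d/backdated"
    touch -t 199801010000 "$d/backdated"
    echo "$d"
}

demo() {
    d=$(make_sample) || return 1
    echo "mtime within window:";     modified_recently "$d"
    echo "ctime within window:";     changed_recently "$d"
    echo "ctime recent, mtime old:"; ctime_mtime_mismatch "$d"
    rm -rf "$d"
}

demo
```

ctime is written by the kernel on every inode change and cannot be set with `touch`, so a file in the third list on a real system deserves a closer look. A `chmod`, `chown` or rename puts a file there as well, so treat the list as a starting point for comparison against known-good checksums.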

