[807] in Intrusion Detection Systems
Re: Signs of an Intruder
daemon@ATHENA.MIT.EDU (Alexander O. Yuriev)
Thu Dec 12 05:24:37 1996
To: ids@uow.edu.au
In-Reply-To: Your message of "Mon, 25 Nov 1996 18:27:34 EST."
<9611252327.AA23644@sun1.wwb.noaa.gov>
Date: Fri, 06 Dec 1996 22:45:42 -0500
From: "Alexander O. Yuriev" <alex@bach.cis.temple.edu>
Reply-To: ids@uow.edu.au
> Wrong. The intruders with a clue know what to look for and remove themselves
> promptly. Nothing is sacred on a system once it has intruders.
While the intruder may not know it, the attack kit and the root kit he/she
uses usually will know where to look and what to doctor. Unfortunately, this
allows a lot of people who otherwise would not have had the technical skill
to breakin to do just that. Fortunately, like in any eco-system this create
a lot of low-skilled attackers that are easy to track.
Alex
