Re: Hijacking tool

Jim Duncan (jim@math.psu.edu)
Tue, 24 Jan 1995 17:34:17 -0500

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jim Duncan: "Re: Router filtering not enough! (Was: Re: CERT advisory )"
Previous message: Patrick Horgan: "Re: Hijacking tool"
In reply to: Eric Conrad: "Re: Hijacking tool"
Next in thread: John Evans: "Re: Hijacking tool"

Eric Conrad writes:
> The measures described to prevent this (disabling loadable kernel 
> modules) seem pointless -- if the attackers have root, they can 
> rebuild the kernel to do anything they want. 

Hacker's don't reboot -- it generates too much attention.  They are much
happier to use kernel-loadable modules and keep quiet.

This is one reason I hated the idea of kernel-loadable modules when they
were introduced.  But everything has its good and bad effects.

	Jim

Next message: Jim Duncan: "Re: Router filtering not enough! (Was: Re: CERT advisory )"
Previous message: Patrick Horgan: "Re: Hijacking tool"
In reply to: Eric Conrad: "Re: Hijacking tool"
Next in thread: John Evans: "Re: Hijacking tool"