On Tue, 24 Jan 1995, Jim Duncan wrote: > Eric Conrad writes: > > The measures described to prevent this (disabling loadable kernel > > modules) seem pointless -- if the attackers have root, they can > > rebuild the kernel to do anything they want. > > Hacker's don't reboot -- it generates too much attention. They are much > happier to use kernel-loadable modules and keep quiet. Sorry, I'm going to have to say that this only holds true a very small amount of the time. If you're dealing with your run-of-the-mill, every-day hacker, and they have either a very specific reason for being on your system, or no specific reason (i.e. they don't care how long they are there, as long as they get in, and out) then they won't care if they reboot a machine, or 5. Especially if they know that no matter how many people it alerts, no matter how fast, it'll let them get what they want. - John