hi ya dale

> > Rootkits are *INSTALLED* after a successful root exploit.

maybe i'm missing something here ... that i've been wondering about for years..

if they exploited a root vulnerability and got in... why modify silly binaries like ps, top, ls, find, etc ??

that gives themselves away as having modified the system

if they quietly do what they do, like run irc chat or spam bomb just a few a day ... nobody might notice ???
( until sleepy admin watches the logs or sees what's running )

- erasing the logs is a dead giveaway you got a problem ( that something happened )

there's more alarms going off when things are modified on a normal box ??

if only irc ran ... it might be overlooked till the load on the box is too high ??

- changing/trojaning all the binaries will definitely give yourself away

- either way... to trojan the binaries or not .. either way the sleepy admin won't notice...

- sharp ones will catch it within a few minutes/hours... or not happen (not exploited) at all ..

-- guess i would do a "minimum disturbance" if i got into somebody's box and wanted to use their resources as opposed to tripping over "everything"

c ya
alvin