Date: Thu, 27 Aug 1998 10:38:15 +0200
From: Philippe Regnauld <regnauld@deepo.prosa.dk>
To: Wilson MacGyver <macgyver@cylatech.com>, security@FreeBSD.ORG
Subject: Re: post breakin log
Message-ID: <19980827103815.51594@deepo.prosa.dk>
In-Reply-To: <1143.904199171@time.cdrom.com>; from Jordan K. Hubbard on Wed, Aug 26, 1998 at 11:26:11PM -0700
References: <199808270538.BAA01341@armitage.cylatech.com> <1143.904199171@time.cdrom.com>

Jordan K. Hubbard writes:
>
> Every 14 year old kid too young to drive or grow pubic hair has a
> FreeBSD rootkit. That's nothing particularly special or noteworthy
> these days, I hate to say. :)

Right. I hate to repeat it, but 99% of attacks today are scr1pt k1ddies.
The rest you don't find.

I mean, when someone successfully breaks into a machine (i.e.: Linux),
successfully installs RootKit3 (the one that includes "shadowing"
configuration files to hide entries in ls, ps, etc...) and then goes to
run an IRC robot + sniffer really has no clue.

The problem is these kinds of attacks:

- make a lot of noise
- increase the alertness/work ratio of new sysadmins
- make it more difficult to trace more subtle attacks

For a good starting point:

http://www.ugu.com/sui/ugu/show?I=admin.security&F=1111111111&G=Y

--
-[ Philippe Regnauld / sysadmin / regnauld@deepo.prosa.dk / +55.4N +11.3E ]-
The Internet is busy. Please try again later.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message