> Am I just being paranoid, or is this sort of compromise
> really possible?
And also: If the IDS "was there first" it would trigger on the modified kernel/module/library (or whatever) since it has to differ between the last check _before_ the infection and the first check _after_ infection. Now, if the exploit was there first, the IDS is a moot point altogether.