On Mon, 23 Jun 2003, Chris Brenton wrote: > If you are wondering just how evil these kits can be, some further reading: > http://www.sans.org/resources/idfaq/knark.php > > Note that knark can render MD5 and other checks useless while its loaded > in the kernel.
There's far worse than that in the wild. At the last company I worked for, I was the security guy. Someone asked me to come over and look at one of their boxes - it was acting a little strange. Long story short, we found that the attacker (you're right kevin! apologies) had tacked up a gre tunnel using ipv6 addresses between his box and this person's. He was essentially outsourcing content on his website to a massive network of compromised machines. Very intricate... and interesting. Ben -- Judge not the horse by his saddle. _______________________________________________ gnhlug-discuss mailing list [EMAIL PROTECTED] http://mail.gnhlug.org/mailman/listinfo/gnhlug-discuss