On Mon, Jul 02, 2001 at 03:04:36PM -0400, Benjamin Scott wrote:

> At the same time, if an attacker has penetrated your security to the point
> where they can successfully load a new kernel module, I think the game is
> pretty much up.  They are patching the running system.  Game over, man.  
> Reboot from trusted media and run a full verification with your IDS, and/or
> wipe-and-restore.

I would agree, but the point is, you need to KNOW that you've been
compromised before you can do anything to fix the problem.  These
modules make it all but impossible to realize that, by hiding all the
nasty stuff they did/are doing.  If you can't tell you've been
compromised, you're not likely to do anything about it.


-- 
---------------------------------------------------
Derek Martin          |   Unix/Linux geek
[EMAIL PROTECTED]    |   GnuPG Key ID: 0x81CFE75D
Retrieve my public key at http://pgp.mit.edu

