On Fri, 6 Jul 2001, Rich C wrote:
> Yes, but that is not practical in a trojan setup, since modifying Windows
> system files can be undone with the system file checker ...

  The same applies to viruses.  Yet viruses remain a huge problem.
Unfortunately, far too many users simply never run such tools, be they SFC.EXE
or an actual anti-virus program.

> Also, changing files like this usually requires a reboot ...

  Doing *anything* on Windows usually requires a reboot.  Heck, when an
installer *doesn't* ask me to reboot, I get worried.

> And I am also surprised that the Linux "root kits" that are around don't
> also include tools to spoof source IPs.

  I've heard of at least one that does.

> Or maybe they do and the kiddies don't know how to use them? Otherwise,
> how would the ISPs find the offending machines and shut them off? (I must
> be missing something here.)

  A good ISP will use ingress/egress filtering, so that packets spoofed to
look like they are coming from or going to a location not on their network are
caught.  Some even use network-based scanner/sniffer tools to look for open
ports and/or suspicious activity.


-- 
Ben Scott <[EMAIL PROTECTED]>
| The opinions expressed in this message are those of the author and do not |
| necessarily represent the views or policy of any other person, entity or  |
| organization.  All information is provided without warranty of any kind.  |
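
The ingress/egress filtering described in the reply above, sketched as an added example that is not part of the original message. The prefixes and packets are constructed (RFC 5737 documentation ranges), and the function names are hypothetical.

```python
import ipaddress

# Constructed prefixes (RFC 5737 documentation ranges) standing in for the
# ISP's own address space; a real deployment would load its allocations.
ISP_PREFIXES = [ipaddress.ip_network(p) for p in ("192.0.2.0/24", "198.51.100.0/25")]


def on_net(addr):
    """True if addr falls inside any prefix the ISP originates."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in ISP_PREFIXES)


def border_verdict(direction, src, dst):
    """Decide what a border filter does with one packet.

    direction is "out" (customer side -> Internet) or "in" (Internet -> customer side).
    Returns (action, reason).
    """
    if direction == "out":
        if not on_net(src):
            return ("drop", "egress: source is not on this network (spoofed)")
        return ("pass", "egress: source is on-net")
    if direction == "in":
        if on_net(src):
            return ("drop", "ingress: outside packet claims an on-net source")
        if not on_net(dst):
            return ("drop", "ingress: destination is not on this network")
        return ("pass", "ingress: off-net source, on-net destination")
    raise ValueError("direction must be 'in' or 'out'")


# Constructed sample traffic: (direction, source, destination)
SAMPLE_PACKETS = [
    ("out", "192.0.2.10", "203.0.113.5"),     # legitimate customer traffic
    ("out", "203.0.113.77", "203.0.113.5"),   # customer host forging an off-net source
    ("in", "203.0.113.5", "198.51.100.20"),   # normal inbound traffic
    ("in", "192.0.2.10", "198.51.100.20"),    # outside host forging an on-net source
    ("in", "203.0.113.5", "198.51.100.200"),  # destination outside the /25
]


def summarize(packets):
    """Return the list of actions, in order, for a batch of packets."""
    return [border_verdict(*p)[0] for p in packets]


if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", *border_verdict(*pkt))
```

The dropped outbound packet is the case relevant to the thread: a compromised machine forging its source address is stopped at its own ISP's border, and the drop itself is a signal the ISP can log to locate that machine.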

