On Tue, 2003-12-02 at 17:57, Joey Officer wrote:
> At face value, and without (intending to) sounding like a moron, Shorewall
> can block anything you tell it not to explicitly allow. Isn't that the
> default way it's currently being used?

Joey,

Disclaimer: I'm not a security expert. My understanding of the root-kit is that it initiates a secure remote connection from the rooted machine using a spoofed packet. My meager understanding led me to ask if Shorewall was checking for spoofed packets originating within a firewalled network. I know there are checks for spoofed packets trying to enter the firewalled network. Please correct any erroneous thinking on my part. Thanks.

> ----- Original Message -----
> From: "Mike Noyes" <[EMAIL PROTECTED]>
> To: "Shorewall Users" <[EMAIL PROTECTED]>
> Cc: "leaf-user" <[EMAIL PROTECTED]>
> Sent: Tuesday, December 02, 2003 10:38 AM
> Subject: [leaf-user] SucKIT root-kit
>
> > Tom,
> > Is Shorewall capable of blocking/logging/detecting the spoofed packet
> > SucKIT uses?
> >
> > http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.html
> > SucKIT is a root-kit presented in Phrack issue 58, article 0x07
> > ("Linux on-the-fly kernel patching without LKM", by sd & devik).
> > This is a fully working root-kit that is loaded through /dev/kmem,
> > i.e. it does not need a kernel with support for loadable kernel
> > modules. It provides a password protected remote access
> > connect-back shell initiated by a spoofed packet (bypassing most
> > firewall configurations), and can hide processes, files and
> > connections.

--
Mike Noyes <mhnoyes at users.sourceforge.net>
http://sourceforge.net/users/mhnoyes/
SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs
-------------------------------------------------------------------------
leaf-user mailing list: [EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
SR FAQ: http://leaf-project.org/pub/doc/docmanager/docid_1891.html
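The question in this thread is whether a firewall checks for spoofed source addresses on packets leaving the internal network, not only on packets entering it. The check that answers it in both directions is reverse-path filtering, which the Linux kernel implements as the rp_filter sysctl: a packet is accepted on an interface only if the route back to its source address goes out through that same interface. The Python below is an added example written for this page; it is not code from the thread, from Shorewall or from the Debian advisory. It models that reverse-path check over a constructed two-interface routing table (eth1 = LAN 192.168.1.0/24, eth0 = default route) and runs it over constructed packets, including a forged source leaving the LAN, which is the outbound case asked about above.

```python
"""Model of kernel reverse-path filtering (rp_filter) applied on both
interfaces of a small firewall.  Added illustration; routes, interface
names and packets are constructed for the example."""

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Route:
    prefix: ipaddress.IPv4Network
    iface: str


# Constructed routing table: LAN behind eth1, everything else via eth0.
ROUTES = [
    Route(ipaddress.ip_network("192.168.1.0/24"), "eth1"),
    Route(ipaddress.ip_network("0.0.0.0/0"), "eth0"),
]


def lookup_iface(addr, routes=ROUTES):
    """Longest-prefix match: the interface the kernel would send to addr on."""
    if isinstance(addr, str):
        addr = ipaddress.ip_address(addr)
    best = None
    for r in routes:
        if addr in r.prefix and (best is None or r.prefix.prefixlen > best.prefix.prefixlen):
            best = r
    return best.iface if best else None


def reverse_path_ok(src, in_iface, routes=ROUTES):
    """rp_filter rule: accept only if the return route to src uses the
    interface the packet arrived on."""
    return lookup_iface(src, routes) == in_iface


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    in_iface: str  # interface the packet was received on


def filter_packets(packets, routes=ROUTES):
    """Return (accepted, dropped); each dropped entry carries a log reason."""
    accepted, dropped = [], []
    for p in packets:
        if reverse_path_ok(p.src, p.in_iface, routes):
            accepted.append(p)
        else:
            expected = lookup_iface(p.src, routes)
            dropped.append((p, f"rp_filter: src {p.src} is routed via {expected}, "
                               f"but packet arrived on {p.in_iface}"))
    return accepted, dropped


# Constructed sample traffic.
SAMPLE = [
    Packet("192.168.1.10", "203.0.113.5", "eth1"),   # LAN host going out: fine
    Packet("203.0.113.5", "192.168.1.10", "eth0"),   # reply from outside: fine
    Packet("192.168.1.10", "192.168.1.1", "eth0"),   # inbound spoof of a LAN address
    Packet("198.51.100.7", "203.0.113.5", "eth1"),   # outbound spoof: forged src leaving LAN
]

if __name__ == "__main__":
    ok, bad = filter_packets(SAMPLE)
    for p in ok:
        print("ACCEPT", p)
    for p, why in bad:
        print("DROP  ", p, "|", why)
```

The fourth packet is the case the question is about: a host inside the LAN emitting a packet whose source address does not belong to the LAN. A reverse-path check on eth1 drops it for the same reason the eth0 check drops the inbound spoof. The caveat worth knowing is the limit of the check: if the compromised host sends its connect-back traffic with its own valid LAN address, rp_filter sees a perfectly routable source and passes it, so that case has to be covered by ordinary outbound policy (which destinations and ports LAN hosts may reach) and by logging of new outbound connections, not by anti-spoofing.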