<sickmind <at> lavabit.com> writes:

> On 10:50 Wed 21 Nov , Alexey E. Suslikov wrote:
> > Hello tech@.
> >
> > Following this
> > http://blog.crowdstrike.com/2012/11/http-iframe-injecting-linux-rootkit.html
> >
> > Besides doing "#option LKM", is there any other way to disable
> > modload(8)?
>
> If an attacker has enough access to actually load a kernel module, your
> system is already screwed.

What if an attacker has access to *ONLY* load a kernel module (by exploiting tcpdump, for instance)?
