Steve Thomas spake, saying thusly:
>there are the teardrop, ping of death, DoS and a host of other forms of
>attacks. While all of the research that I have been doing concerning
>another form of an attack.... I became sorta stumped on an idea...
>
>is there anywhere.... a description on what to expect or what happens
>during any one of these or other attacks listed somewhere? If so, could
>someone please direct me in that direction?
Sometimes nothing. I recently discovered (quite by accident) that I
had been hacked a few weeks ago via named (just guessing - evidence
was found in /var/named). My own fault, really, since I hadn't kept up
with the new versions (I do now!).
For those of you who are as inexperienced in actual breakins as I was,
go to rootshell.com, download the RootKit, and look through the source
code - it's extremely educational. Nutshell version: with a simple "make
install", an attacker with root privs can replace a whole slew of binaries
on your system. They don't even need to understand how it works, and
you'll never know they're there. (I happened to notice because my login
prompt changed from hostname to FQDN - but almost shrugged it off).
For a denial of service attack, well, you can't access that service. But
a real breakin attack - you may never know. Run tripwire.
(Tangent: I found tripwire-1.2, dated circa '94, and I get much complaints
compiling the lex/flex stuff - is there a more recent version? Or something
functionally equivalent?)
jim
--
Urmane Hendrake                  "Anti-wrinkle cream there may be, but
urmane@urmane.org                 anti-fat-bastard cream there is not."
http://www.urmane.org/~urmane       Dave, The Full Monty
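
The kind of check the post recommends with "Run tripwire", sketched as an added example that is not part of the original post and is not Tripwire's code: record a baseline of file hashes and metadata, then compare a later snapshot against it to spot replaced binaries. The function names and the sample directory contents are constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile

def fingerprint(path):
    """SHA-256, permission bits, owner and size of one file (symlinks not followed)."""
    st = os.lstat(path)
    digest = ""
    if stat.S_ISREG(st.st_mode):
        with open(path, "rb") as f:
            digest = hashlib.sha256(f.read()).hexdigest()
    elif stat.S_ISLNK(st.st_mode):
        digest = "link:" + os.readlink(path)
    return (digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid, st.st_size)

def snapshot(root):
    """Map every file under root (relative path) to its fingerprint."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            snap[os.path.relpath(full, root)] = fingerprint(full)
    return snap

def compare(baseline, current):
    """Return sorted (added, removed, changed) path lists."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    changed = sorted(p for p in set(baseline) & set(current)
                     if baseline[p] != current[p])
    return added, removed, changed

def demo():
    """Constructed sample: a stand-in bin directory in which one file is replaced."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("login", b"original login"), ("ls", b"original ls")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        baseline = snapshot(root)
        # Replacement has the same length, so a size-only check would miss it.
        with open(os.path.join(root, "login"), "wb") as f:
            f.write(b"replaced login")
        with open(os.path.join(root, "ps"), "wb") as f:
            f.write(b"added file")
        return compare(baseline, snapshot(root))

if __name__ == "__main__":
    print(demo())  # (['ps'], [], ['login'])
```

The baseline and the checker itself have to live on read-only or offline media, since an attacker with root can rewrite both along with the binaries.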