At face value, and without (intending to) sounding like a moron, Shorewall
can block anything you tell it not to explicitly allow. Isn't that the
default way it's currently being used?
respectfully,
joey
----- Original Message -----
From: "Mike Noyes" <mhnoyes@users.sourceforge.net>
To: "Shorewall Users" <shorewall-users@lists.shorewall.net>
Cc: "leaf-user" <leaf-user@lists.sourceforge.net>
Sent: Tuesday, December 02, 2003 10:38 AM
Subject: [leaf-user] SucKIT root-kit
> Tom,
> Is Shorewall capable of blocking/logging/detecting the spoofed packet
> SucKIT uses?
>
>
> http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.html
> SucKIT is a root-kit presented in Phrack issue 58, article 0x07
> ("Linux on-the-fly kernel patching without LKM", by sd & devik).
> This is a fully working root-kit that is loaded through /dev/kmem,
> i.e. it does not need a kernel with support for loadable kernel
> modules. It provides a password protected remote access
> connect-back shell initiated by a spoofed packet (bypassing most
> firewall configurations), and can hide processes, files and
> connections.
>
> --
> Mike Noyes <mhnoyes at users.sourceforge.net>
> http://sourceforge.net/users/mhnoyes/
> SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs