[Shorewall-users] SucKIT root-kit

Mike Noyes mhnoyes at users.sourceforge.net
Tue Dec 2 16:32:12 PST 2003


Tom,
Is Shorewall capable of blocking/logging/detecting the spoofed packet
SucKIT uses?


http://lists.debian.org/debian-announce/debian-announce-2003/msg00003.html
    SucKIT is a root-kit presented in Phrack issue 58, article 0x07
    ("Linux on-the-fly kernel patching without LKM", by sd & devik). 
    This is a fully working root-kit that is loaded through /dev/kmem,
    i.e. it does not need a kernel with support for loadable kernel
    modules.  It provides a password protected remote access
    connect-back shell initiated by a spoofed packet (bypassing most
    firewall configurations), and can hide processes, files and
    connections.

-- 
Mike Noyes <mhnoyes at users.sourceforge.net>
http://sourceforge.net/users/mhnoyes/
SF.net Projects: ffl, leaf, phpwebsite, phpwebsite-comm, sitedocs



More information about the Shorewall-users mailing list