[Shorewall-users] SucKIT root-kit

Mike Noyes mhnoyes at users.sourceforge.net
Tue Dec 2 16:32:12 PST 2003

Is Shorewall capable of blocking/logging/detecting the spoofed packet
SucKIT uses?

    SucKIT is a root-kit presented in Phrack issue 58, article 0x07
    ("Linux on-the-fly kernel patching without LKM", by sd & devik). 
    This is a fully working root-kit that is loaded through /dev/kmem,
    i.e. it does not need a kernel with support for loadable kernel
    modules.  It provides a password-protected remote access
    connect-back shell initiated by a spoofed packet (bypassing most
    firewall configurations), and can hide processes, files and

