The Seattle SAGE Group (SSG)
Seattle-based special interest group for system and network administrators.

Hiding Attacks

  1. Hackers getting real good at hiding intrusions
    1. A modified /etc/login:
      1. was the correct length,
      2. had the same checksum,
      3. had correct permissions and
      4. had correct last-mod date

  2. Only detectable by
    1. Comparing against read-only install media (if the vendor wasn't compromised as well)
    2. Using cryptographic signatures (MD5)
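
Added example, not part of the original slides: a baseline comparison showing why size, checksum, permissions and last-mod date can all match while a cryptographic hash still flags the change. Assumptions: a 16-bit byte sum stands in for the checksum (the slide does not name the algorithm), SHA-256 is used in place of the MD5 the slide names, and the file contents and metadata are constructed sample values.

```python
import hashlib
import os
import stat

def additive_checksum(data: bytes) -> int:
    # Assumption: 16-bit byte sum standing in for the unnamed legacy checksum.
    # It ignores byte order, so reordered content produces the same value.
    return sum(data) & 0xFFFF

def record(data: bytes, mode: int, mtime: int) -> dict:
    """Attributes an integrity checker could store for one file."""
    return {
        "size": len(data),
        "mode": mode,
        "mtime": mtime,
        "checksum": additive_checksum(data),
        "sha256": hashlib.sha256(data).hexdigest(),
    }

def record_from_path(path: str) -> dict:
    """Same record for a file on disk; keep the baseline on read-only media."""
    st = os.stat(path)
    with open(path, "rb") as fh:
        return record(fh.read(), stat.S_IMODE(st.st_mode), int(st.st_mtime))

def changed_fields(baseline: dict, current: dict) -> list:
    """Names of the attributes that differ from the known-good baseline."""
    return [k for k in baseline if baseline[k] != current.get(k)]

# Constructed sample data: same bytes in a different order, identical metadata.
KNOWN_GOOD = record(b"#!/bin/sh\nallow=0\ndeny=1\n", 0o755, 1_000_000_000)
ON_DISK = record(b"#!/bin/sh\nallow=1\ndeny=0\n", 0o755, 1_000_000_000)

if __name__ == "__main__":
    # Only the cryptographic hash reports a difference.
    print(changed_fields(KNOWN_GOOD, ON_DISK))
```
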