>From: Ed DeHart <dehart @ info . pgh . pa . us>
>Intruders also replace the ifconfig program with a hacked version that
>will not report if the interface is in promiscuous mode. df, du, and
>netstat have also been found to be replaced.
The ps command should be added to this list. A friend found a kit on his
system which included the above mentioned utilities, and a version of ps
with a configuration file where you could list the names of programs which
will never appear in a ps listing. The name of the sniffer program was in
this list. Some attempt was made to fix the checksums of replaced programs,
and to correct the modification date (but not the inode change dates).
A trojan ls command was also included.
Rik Farrow
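
The mismatch described above (modification date corrected, inode change date left alone) can be checked for directly. The following is an added example, not part of the original post: it flags files whose mtime is older than a last known-good time while their ctime is newer. The function names, the one-hour reference time and the placeholder files in `demo()` are assumptions constructed for illustration.

```python
import os
import stat
import sys
import tempfile
import time


def backdated_files(directories, known_good_epoch):
    """Return (path, mtime, ctime) for regular files whose mtime is older than
    known_good_epoch while their inode change time (ctime) is newer."""
    hits = []
    for directory in directories:
        try:
            entries = sorted(os.scandir(directory), key=lambda e: e.name)
        except OSError:
            continue  # missing or unreadable directory
        for entry in entries:
            try:
                st = entry.stat(follow_symlinks=False)
            except OSError:
                continue
            if not stat.S_ISREG(st.st_mode):
                continue
            # utime() can set mtime to any value, but the kernel stamps ctime
            # itself, so a backdated file keeps a recent ctime. chmod, chown
            # and package upgrades also move ctime: treat hits as leads.
            if st.st_mtime < known_good_epoch < st.st_ctime:
                hits.append((entry.path, st.st_mtime, st.st_ctime))
    return hits


def demo():
    """Constructed sample: two placeholder files, one with its mtime backdated."""
    with tempfile.TemporaryDirectory() as d:
        for name in ("ls", "ps"):
            with open(os.path.join(d, name), "w") as f:
                f.write("placeholder\n")
        year_ago = time.time() - 365 * 86400
        os.utime(os.path.join(d, "ps"), (year_ago, year_ago))
        one_hour_ago = time.time() - 3600  # assumed last known-good time
        return [os.path.basename(p) for p, _, _ in backdated_files([d], one_hour_ago)]


if __name__ == "__main__":
    if len(sys.argv) > 2:  # usage: script.py <known_good_epoch> <dir> [<dir> ...]
        for path, mtime, ctime in backdated_files(sys.argv[2:], float(sys.argv[1])):
            print(f"{path}  mtime={time.ctime(mtime)}  ctime={time.ctime(ctime)}")
    else:
        print(demo())
```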