Linux Today: Linux News On Internet Time.

RootPrompt.org: Know Your Enemy: III - They Gain Root

Mar 13, 2000, 15:50
(Other stories by Lance Spitzner)

[ Thanks to Noel for this link. ]

"This article is the third of a series focusing on the script kiddie. The first paper focuses on how script kiddies probe for, identify, and exploit vulnerabilities. The second paper focuses on how you can detect these attempts, identify what tools they are using and what vulnerabilities they are looking for. This paper, the third, focuses on what happens once they gain root. Specifically, how they cover their tracks and what they do next."

"As we learned in the first paper, the script kiddie is not so much a person as it is a strategy, the strategy of probing for the easy kill. One is not searching for specific information or targeting a specific company, the goal is to gain root the easiest way possible. Intruders do this by focusing on a small number of exploits, and then searching the entire Internet for that exploit. Do not underestimate this strategy, sooner or later they find someone vulnerable."

"Once they find a vulnerable system and gain root, their first step is normally to cover their tracks. They want to ensure you do not know your system was hacked and cannot see nor log their actions. Following this, they often use your system to scan other networks, or silently monitor your own. To gain a better understanding of how they accomplish these acts, we are going to follow the steps of a system compromised by an intruder using script kiddie tactics."
