[ Thanks to Noel
for this link. ]
“This article is the third of a series focusing on the
script kiddie. The first paper focuses on how script kiddies
probe for, identify, and exploit vulnerabilities. The second paper
focuses on how you can detect these attempts, identify what tools
they are using and what vulnerabilities they are looking for. This
paper, the third, focuses on what happens once they gain root.
Specifically, how they cover their tracks and what they do
next.”
“As we learned in the first paper, the script kiddie is not so
much a person as it is a strategy, the strategy of probing for the
easy kill. One is not searching for specific information or
targeting a specific company, the goal is to gain root the easiest
way possible. Intruders do this by focusing on a small number of
exploits, and then searching the entire Internet for that exploit.
Do not underestimate this strategy, sooner or later they find
someone vulnerable.”
“Once they find a vulnerable system and gain root, their first
step is normally to cover their tracks. They want to ensure you do
not know your system was hacked and cannot see nor log their
actions. Following this, they often use your system to scan other
networks, or silently monitor your own. To gain a better
understanding of how they accomplish these acts, we are going to
follow the steps of a system compromised by an intruder using
script kiddie tactics.”