
Known-exploit detection for the kernel

Posted Dec 19, 2013 7:50 UTC (Thu) by dlang (guest, #313)
In reply to: Known-exploit detection for the kernel by noxxi
Parent article: Known-exploit detection for the kernel

The better shops also ship their logs off of the local systems so that attempts to scrub the logs will fail.



Known-exploit detection for the kernel

Posted Dec 19, 2013 9:36 UTC (Thu) by zlynx (guest, #2285)

A really well informed attacker can try to jam the log server with nonsense UDP or TCP resets. He'd need access to the log server network of course.

If he can DoS the log server, it won't record anything except a pile of junk. Once he gets root he can kill -9 the log service, clean the logs and restart it.

Just another thing to watch out for.

Known-exploit detection for the kernel

Posted Dec 19, 2013 16:30 UTC (Thu) by Funcan (subscriber, #44209)

A sufficiently advanced attacker can also break in and steal the log server. I doubt most people are facing that level of APT most of the time though...

