What do system crackers do?
Most system crackers attempt to disguise their activities, often
by using software packages called "root kits". Root kits can do
things like:
- Install trojan binaries for login, ssh, sshd or other
programs that users give passwords to, which then collect those
passwords for the cracker and also provide back-door access to
the attacker
- Install network sniffers to collect passwords moving in the
clear on the network
- Install alternate versions of ps, netstat, and other utilities
that do not show processes and network connections belonging to
the cracker
- Similarly, install kernel modules that modify system calls so
that they do not report information about the cracker's activity
- Run log-wiping tools that erase system log data that might have
been used to trace the origin of the attack
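
A defender can check for the altered ps described above by comparing its output with the process directories the kernel lists under /proc. The sketch below is an added example, not part of the original page; it assumes a Linux-style /proc, all function names are illustrative, and it will not catch the kernel-module case, where /proc itself is filtered.

```python
import os
import subprocess


def parse_ps_pids(ps_output):
    """Extract PIDs from `ps -e -o pid=` output (one PID per line)."""
    pids = set()
    for line in ps_output.splitlines():
        token = line.strip()
        if token.isdigit():
            pids.add(int(token))
    return pids


def proc_pids(proc_root="/proc"):
    """PIDs the kernel exposes as numeric directories under proc_root."""
    return {int(name) for name in os.listdir(proc_root) if name.isdigit()}


def hidden_candidates(before, ps_pids, after):
    """PIDs present in /proc before AND after the ps run but absent from ps.

    Requiring both snapshots filters out processes that merely started or
    exited while ps was running, which would otherwise be false positives.
    """
    return sorted((before & after) - ps_pids)


def scan(ps_cmd=("ps", "-e", "-o", "pid=")):
    """Run the installed ps between two /proc snapshots and compare views."""
    before = proc_pids()
    result = subprocess.run(ps_cmd, capture_output=True, text=True, check=True)
    after = proc_pids()
    return hidden_candidates(before, parse_ps_pids(result.stdout), after)


if __name__ == "__main__":
    # Assumption: this interpreter and the os module are themselves trusted,
    # e.g. run from read-only known-good media rather than the suspect disk.
    for pid in scan():
        print(f"PID {pid} is listed in /proc but not reported by ps")
```

An empty result does not clear the machine; it only means this one user-space view agrees with /proc.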
Steve VanDevender
Last modified: Wed Jul 7 14:48:53 PDT 2004