[geeks] fw
David Cantrell
david at cantrell.org.uk
Thu Jul 25 17:50:54 CDT 2002
On Thu, Jul 25, 2002 at 01:00:10PM -0400, mattyml at daemons.net wrote:

> Security through obscurity is not a solution either.

Not on its own. But if you add it in to an already decent system it can't
do any harm.

> I read an interesting
> article about detecting remote OSs, and injecting payloads based on this
> reconnaissance. If you can make a probable guess, and find an OS,
> determining where to stick your payload on the stack is easy. You could
> also cycle through shellcode for 20 platforms and inject accordingly :)

The people who write these rootkits simply don't have the expertise to
cover all the options. Running NetBSD on a Mac, or Linux on Sparc or
whatever other unusual combination does, therefore, mean that more attacks
will fail.

--
David Cantrell | Reprobate | http://www.cantrell.org.uk/david
Good advice is always certain to be ignored,
but that's no reason not to give it -- Agatha Christie