On Mon, Oct 28, 2002 at 06:46:47PM -0800, Rick Moen wrote:
> 
> >> This confusion has also come up elsewhere, on LinuxToday:
> >> http://linuxtoday.com/news_story.php3?ltsn=2002-09-20-011-26-SC-SV
> > 
> > that just talks about arresting some poor soul ??
> 
> Read the talkbacks, at the bottom.

Specifically, I think you're referring to
http://linuxtoday.com/news_story.php3?ltsn=2002-09-20-011-26-SC-SV-0014
which talks about the difference between a rootkit and an attack-kit
with a rootkit bundled in.

<snip>
> 2.  The sophistication required to read an ifconfig manpage is mighty
>     low.

To be exact, changing your MAC address consists of:

# ifdown eth0
# ifconfig eth0 hw ether <arbitrary ethernet address>
# ifup eth0

... but that's not really the point.  The average script-kiddie will
(for example) have learned enough chemistry in school to make some very
lethal explosives, but it doesn't occur to them to use that knowledge.

In practice, even a very low security barrier will stop the 90% of
clueless abusers - but (to drag this thread back on-topic), that's no
excuse for basing the security of your network on a fundamentally
insecure way of identifying computers.

Ultimately, the only secure assumption is that machines which you don't
control will spew whatever incorrect or invalid data they like onto your
network.

        - Andrew
