These bad guys start off by scanning ports and determining the services that
are running on the target. The next thing they do is find an exploit for that
vulnerable service, through which they acquire root privilege. Only then do
they install the sniffer. From the console of the victim machine, they ftp to
somewhere to get the sniffer program. I just don't know if BO or SUB7 will
work in Unix. I'm sure it will. :-) And also, they install a rootkit to hide
their processes like ps, ifconfig, and so on.

...hope this helps

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Monday, June 18, 2001 7:22 AM
> To: [EMAIL PROTECTED]
> Subject: sniffer programs
> 
> 
> Hello all,
> 
> We often hear of bad guys using sniffer programs to check out packets for
> information.  My question is where and how are these sniffers usually
> installed.  Has anyone ever discovered a sniffer program running on their
> firewall?
> 
> Regards,
> S. Filliol
> 
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
> 
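
A defender-side check for the situation discussed in this thread, added here as an example and not part of either post: on a Linux host it reads interface flags and open packet sockets straight from sysfs and /proc instead of running ifconfig or ps, the tools the reply says a rootkit may tamper with. The sample data is constructed, and the use of /sys/class/net/*/flags and /proc/net/packet assumes a Linux kernel; a kernel-level rootkit can still falsify these files.

```python
"""Check a Linux host for sniffer indicators without calling ifconfig or ps."""
import glob
import os

IFF_PROMISC = 0x100   # promiscuous-mode bit, from <linux/if.h>
ETH_P_ALL = 0x0003    # packet socket bound to every protocol (what sniffers open)

def promisc_interfaces(flags_by_iface):
    """Return interfaces whose kernel flags word has IFF_PROMISC set."""
    return sorted(name for name, flags in flags_by_iface.items()
                  if int(flags, 16) & IFF_PROMISC)

def capture_sockets(proc_net_packet):
    """Parse /proc/net/packet text; return (inode, ifindex) of ETH_P_ALL sockets."""
    hits = []
    for line in proc_net_packet.splitlines()[1:]:      # skip the header row
        cols = line.split()
        if len(cols) < 9:
            continue
        proto, ifindex, inode = int(cols[3], 16), int(cols[4]), int(cols[8])
        if proto == ETH_P_ALL:
            hits.append((inode, ifindex))
    return hits

def read_live_flags():
    """Collect the flags word of every interface from sysfs on this host."""
    out = {}
    for path in glob.glob("/sys/class/net/*/flags"):
        with open(path) as fh:
            out[os.path.basename(os.path.dirname(path))] = fh.read().strip()
    return out

# Constructed sample data (not taken from a real host).
SAMPLE_FLAGS = {"lo": "0x9", "eth0": "0x1103", "eth1": "0x1003"}
SAMPLE_PACKET = """\
sk               RefCnt Type Proto  Iface R Rmem   User   Inode
ffff888012340000 3      3    0003   2     1 0      0      48211
ffff888012350000 3      3    88cc   3     1 0      0      19044
"""

if __name__ == "__main__":
    live = os.path.exists("/proc/net/packet")
    flags = read_live_flags() if live else SAMPLE_FLAGS
    packet = open("/proc/net/packet").read() if live else SAMPLE_PACKET
    print("promiscuous:", promisc_interfaces(flags))
    print("ETH_P_ALL sockets (inode, ifindex):", capture_sockets(packet))
```

Each reported inode can be matched against the `socket:[inode]` links under /proc/<pid>/fd to find the owning process; a packet socket with no visible owner is itself worth investigating.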