> One thing I forgot to mention in my last mail - I have seen an attacker > be tricky enough to set up firewall rules that only allowed their > machine to connect to their backdoor, so it wouldn't show up on a scan.
Well, you can always fix that by replacing your kernel with a Known Good One (tm) that has ip filtering/tables/chains/whatever disabled and no loadable module support. I recommend canning loadable module support anyway, on any sort of server (it's not like you're going to change the hardware config that often...) ------------------------------------------------------------------------ Justin Coffey 858.535.9332 x 2025 Homes.com, Inc. http://homes.com ------------------------------------------------------------------------
