[ale] ipv6 dns requests???

David Hamm ale at spinnerdog.com
Tue Apr 20 08:14:58 EDT 2004


I've heard a popular trick of crackers is to use IPV6.  It goes undetected 
since most aren't using it.  You might try using one of the rootkit tools to 
see if the system has been root kited.  

Some security experts suggest deleting the IPV6 modules from /lib/modules 
directories.  You could rename the IPV6 modules and reboot.  There is a 
chance the system might not come back up but if you've been cracked you 
probably want to re-load the system anyway.

http://www.net-security.org/software.php?id=531
http://www.chkrootkit.org/




On Tuesday 20 April 2004 07:54 am, Geoffrey wrote:
> Robert L. Harris wrote:
> > If you do "lsmod" is there anything related to ipv6?  If it's compiled
> > in static you may not be able to disable it.
>
> Yeah, I've got:
>
> ipv6                  227392  -1 (autoclean)
> key                    70456   0 (autoclean) [ipv6]
>
> I tried to remove them, but somethings got them busy.  I shutdown all
> network services, still busy. :(



More information about the Ale mailing list