[ale] ipv6 dns requests???

Geoffrey esoteric at 3times25.net
Tue Apr 20 08:42:25 EDT 2004


David Hamm wrote:
> I've heard a popular trick of crackers is to use IPV6.  It goes undetected 
> since most aren't using it.  You might try using one of the rootkit tools to 
> see if the system has been rootkitted.

It seems to be a symptom of SuSE 9 as I've got a couple of boxes with it 
and all do it.  I'm going to do a quick install on another box and see 
if it does this right away.

> 
> Some security experts suggest deleting the IPV6 modules from /lib/modules 
> directories.  You could rename the IPV6 modules and reboot.  There is a 
> chance the system might not come back up but if you've been cracked you 
> probably want to re-load the system anyway.

I'll likely remove the ipv6 mods, but I want to make sure I know what's 
causing it first.

Thanks.

> 
> http://www.net-security.org/software.php?id=531
> http://www.chkrootkit.org/
> 
> 
> 
> 
> On Tuesday 20 April 2004 07:54 am, Geoffrey wrote:
> 
>>Robert L. Harris wrote:
>>
>>>If you do "lsmod" is there anything related to ipv6?  If it's compiled
>>>in static you may not be able to disable it.
>>
>>Yeah, I've got:
>>
>>ipv6                  227392  -1 (autoclean)
>>key                    70456   0 (autoclean) [ipv6]
>>
>>I tried to remove them, but something's got them busy.  I shut down all
>>network services, still busy. :(
> 


-- 
Until later, Geoffrey                     Registered Linux User #108567
Building secure systems in spite of Microsoft


