[ale] ipv6 dns requests???
Geoffrey
esoteric at 3times25.net
Tue Apr 20 08:42:25 EDT 2004
David Hamm wrote:
> I've heard a popular trick of crackers is to use IPV6. It goes undetected
> since most aren't using it. You might try using one of the rootkit tools to
> see if the system has been root kited.
It seems to be a symptom of SuSE 9 as I've got a couple of boxes with it
and all do it. I'm going to do a quick install on another box and see
if it does this right away.
>
> Some security experts suggest deleting the IPV6 modules from /lib/modules
> directories. You could rename the IPV6 modules and reboot. There is a
> chance the system might not come back up but if you've been cracked you
> probably want to re-load the system anyway.
I'll likely remove the ipv6 mods, but I want to make sure I know what's
causing it first.
Thanks.
>
> http://www.net-security.org/software.php?id=531
> http://www.chkrootkit.org/
>
>
>
>
> On Tuesday 20 April 2004 07:54 am, Geoffrey wrote:
>
>>Robert L. Harris wrote:
>>
>>>If you do "lsmod" is there anything related to ipv6? If it's compiled
>>>in static you may not be able to disable it.
>>
>>Yeah, I've got:
>>
>>ipv6 227392 -1 (autoclean)
>>key 70456 0 (autoclean) [ipv6]
>>
>>I tried to remove them, but somethings got them busy. I shutdown all
>>network services, still busy. :(
>
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://www.ale.org/mailman/listinfo/ale
>
>
--
Until later, Geoffrey Registered Linux User #108567
Building secure systems in spite of Microsoft
More information about the Ale
mailing list