Altering a daily record only is insufficient, because 100 have one leakage closely surely, although thought to alter all daily records oneself, still can leave a few clues. Installed certain and postern program for example, after moving, also may be discovered by the administrator. So, hacker ace can shroud a track further through replacing the method of program of a few systems. This kind is called Rootkit with the hacker program that will replace regular system program, this kind of program can be found in website of a few hackers, commonner have LinuxRootKit, had developed 5 version now. It can replace systematic Ls, Ps, Netstat, Inetd to wait a series of important system programs a moment, after replacing Ls, can conceal designation document, make the administrator cannot see these documents when use Ls commands, achieve the goal that conceals oneself thereby.

3. Postern

General hacker can be in after scoring a system not merely the ground enters this system. To go to the lavatory when reentrance system next time a bit, the hacker can leave next back door, the Trojan horse is postern best example. The means that back door leaves in Unix has a lot of kinds, a few kinds of common back door introduce below, for network manager reference is on guard.

<1> password defeats solution back door
This is the person that inbreak those who use is the earliest also be the oldest method, it can obtain the visit of pair of Unix machines not only, and can make back door through breaking solution code. This cuts the account that sees countersign weakness namely. The current account of the person that although the administrator was sealed,inbreak later, these new accounts still may be the back door that invades afresh. Below most circumstance, the person that inbreak searchs countersign to did not use an account fragily, what change countersign next is some more difficult. The account that searchs countersign weakness when the administrator is, also won't discover the account that these passwords already revised. Consequently the manager closes down very hard certainly which account.

Back door of <2>Rhosts
In the Unix machine that links a network, resembling such service of Rsh and Rlogin is to be based on the leader name in Rhosts file to use simple attestation method. The user is OK easily the change is installed and do not need countersign to be able to be entered. The person that inbreak wants to input " " to the middle of the Rhosts file of some user that can visit only, can allow anyone from anyplace beardless countersign can enter this account. Special when be being shared outwards through NFS when Home catalog, the person that inbreak is more absorption hereat. These accounts also became the back door that the person that inbreak invades again. A lot of people prefer to use Rsh, because it lacks log capacity normally. A lot of administrators often check " " , the person that inbreak so installs the leader name that comes from another account on the net and user name more actually, be discovered not easily thereby.
Previous 1 2 3 4 5 6 78 9 10 11 Next