[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Memory leak (hacked?)

On Wed, 7 Apr 2004, Joe Knapka wrote:

> Or, you may be hacked. A clever intruder can insert modules
> into the kernel (which is why a public server shouldn't have
> module load/unload enabled), and can also hide the fact that
> he's done so. A malicious module that simply allocated
> pages as fast as it could would cause the behavior you're
> seeing.

Common misperception, but it actually makes no difference. Even if you
disable module loading / unloading, attackers can still insert LKMs. 
Modern linux rootkits do exactly this....