[Snort-users] Promiscuous interface hacks?
pauls at ...6838...
Thu May 1 15:43:27 EDT 2003
Thanks Matt. What I'm trying to grasp is not whether or not the bo would
work, but whether the attacker could then gain control of the box. I can
see how the bo would work, because snort is going to process the packets
regardless of what is in them.
But once the bo is exploited, even if a root shell is obtained, how does
the attacker then "get to" that shell? Since there's no IP associated with
it, I'm having trouble understanding how the attacker could then proceed to
exploit the box.
--On Thursday, May 01, 2003 06:33:50 PM -0400 Matt Kettler
<mkettler at ...4108...> wrote:
> The fact that the interface is in promisc mode is more-or-less irrelevant
> to an attack involving buffer overflows, format strings, off-by-ones, and
> other memory-corruption-to-execute code style attacks.
Paul Schmehl (pauls at ...6838...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
More information about the Snort-users