RE: what is means ? + rootkits..
> Am I just being paranoid, or is this sort of compromise
> really possible?
And also: If the IDS "was there first" it would trigger on the modified kernel/module/library (or whatever) since it has to differ between the last check _before_ the infection and the first check _after_ infection.
Now, if the exploit was there first, the IDS is a moot point alltogether.
--
To UNSUBSCRIBE, email to debian-security-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: