Typical scenario:
- The intruders first penetrate a system and gain root access through an unpatched vulnerability.
- The intruders then run a network monitoring tool that captures up to the first 128 keystrokes of all newly opened FTP, telnet, and rlogin sessions visible within the compromised system's domain. These keystrokes usually contain host, account, and password information for user accounts on other systems; the intruders log these for later retrieval. The intruders typically install Trojan Horse programs to support subsequent access to the compromised system and to hide their network monitoring process.
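Because the scenario above has Trojan Horse programs hiding the monitoring process, a check for it should not depend on the process list or on `ifconfig` output. The following is an added example, not part of the original text: it assumes a Linux host and reads each interface's kernel flags from sysfs to find interfaces in promiscuous mode; the function name and the optional root-directory argument are illustrative.

```shell
#!/bin/sh
# List network interfaces whose kernel flags include IFF_PROMISC.
# The flags are read straight from sysfs rather than from ifconfig or ps,
# since those binaries may have been replaced on a compromised host.

IFF_PROMISC=256   # 0x100, IFF_PROMISC as defined in <linux/if.h>

# promisc_ifaces [ROOT]
# ROOT defaults to /sys/class/net. It is a parameter (an assumption of this
# example) so the same check can run against a constructed test tree.
promisc_ifaces() {
    root="${1:-/sys/class/net}"
    for f in "$root"/*/flags; do
        # Skip when the glob matched nothing or the file is unreadable.
        [ -r "$f" ] || continue
        flags=$(cat "$f")
        # sysfs prints the flags as hex, e.g. 0x1103; ignore anything else.
        case "$flags" in
            0x*) ;;
            *) continue ;;
        esac
        if [ $(( $flags & $IFF_PROMISC )) -ne 0 ]; then
            # The interface name is the directory holding the flags file.
            basename "$(dirname "$f")"
        fi
    done
}

# Stand-alone use: print promiscuous interfaces, one per line.
promisc_ifaces "$@"
```

An interface listed here is receiving traffic not addressed to it, which is also what legitimate packet capture tools request, so each hit needs to be matched against known monitoring activity.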