Originally posted by erendorn
Imagine a system where you, the administrator, have deliberately placed invisible traps. Thanks to rootkit technologies, the traps could be invisible and unexpected, not reported by standard OS tools, etc. Now an attacker would break into the system, but there will be a catch: the system will not do what the intruder expects but rather monitor/intercept/subvert unrequested activity, alert admins and so on. Can you imagine you did unlink() to trash logs, it reported success, but then rather alerted the admin, took a snapshot and initialized shutdown to minimize impact?
I do not see why it is fundamentally wrong to greet attackers with their own tools; this could be a very nice showstopper for some badass.
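The unlink() trap the post describes, as an added example that is not part of the original post: the decision logic a hooked unlink() would run, reporting success for files under a bait directory while leaving them in place and recording an alert. The name `trap_unlink`, the `/tmp/tw_demo` directory and the alert file are assumptions; how the hook is installed, and the snapshot and shutdown steps, are outside the example.

```c
#define _XOPEN_SOURCE 700
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <time.h>
#include <unistd.h>

/* Assumed settings: directory whose files are bait, and where alerts are logged. */
static const char *trap_dir = "/tmp/tw_demo";
static const char *alert_file = "/tmp/tw_alerts.txt";
static int alerts_raised = 0;

/* Resolve symlinks and ".." so an indirect path cannot dodge the check. */
static int is_trapped(const char *path) {
    char real[PATH_MAX], dir[PATH_MAX];
    if (!realpath(path, real) || !realpath(trap_dir, dir)) return 0;
    size_t n = strlen(dir);
    return strncmp(real, dir, n) == 0 && real[n] == '/';
}

/* Record the attempt; a deployment would also notify the admin here. */
static void raise_alert(const char *path) {
    FILE *f = fopen(alert_file, "a");
    if (f) {
        fprintf(f, "%ld uid=%d unlink(%s) suppressed\n",
                (long)time(NULL), (int)getuid(), path);
        fclose(f);
    }
    alerts_raised++;
}

/* What a hooked unlink() would call: bait files survive, caller sees success. */
int trap_unlink(const char *path) {
    if (is_trapped(path)) {
        raise_alert(path);
        return 0;            /* report success, delete nothing */
    }
    return unlink(path);     /* every other path behaves normally */
}

int main(void) {
    mkdir(trap_dir, 0700);
    FILE *f = fopen("/tmp/tw_demo/auth.log", "w");   /* constructed bait file */
    if (f) fclose(f);
    int rc = trap_unlink("/tmp/tw_demo/auth.log");
    printf("rc=%d still_there=%d alerts=%d\n", rc,
           access("/tmp/tw_demo/auth.log", F_OK) == 0, alerts_raised);
}
```

The path is canonicalized before the comparison because a plain string prefix match would miss the same file reached through a symlink or a `..` component.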