Nick Drage wrote:
On Wed, Dec 14, 2005 at 06:39:26 +0100, Bjørn Ruberg wrote:
[...]
In order to bind to the correct port wouldn't the existing SSHD process need to be killed? Or at least redirected to listen on another port so the "shady" process could act as an intermediary. For that to happen wouldn't the attacker need root privileges anyway?
There are several ways to escalate privileges, most of which are not netfilter related.
The point I was trying to make is that important services should not be told to listen to ports above 1024.
-- Bjørn
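
An added example, not part of the original thread: a small audit of the exposure discussed above, where a listener on a port any local user can bind may be replaced by another process. It assumes Linux's `/proc/net/tcp` layout and the default unprivileged-port boundary of 1024; the sample table and the policy of expected owners are constructed for illustration.

```python
"""Audit LISTEN sockets from /proc/net/tcp-style text for the risk discussed above."""

UNPRIVILEGED_START = 1024  # assumption: Linux default of net.ipv4.ip_unprivileged_port_start
TCP_LISTEN = "0A"          # socket state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1
   1: 00000000:08AE 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1001        0 22222 1
   2: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 33333 1
   3: 0A000005:0016 0A000009:C350 01 00000000:00000000 00:00000000 00000000     0        0 44444 1
"""

def listeners(text):
    """Return sorted (port, uid) pairs for sockets in LISTEN state."""
    found = set()
    for line in text.splitlines()[1:]:                # skip the header row
        fields = line.split()
        if len(fields) < 10 or fields[3] != TCP_LISTEN:
            continue                                  # ignore established/other states
        port = int(fields[1].rsplit(":", 1)[1], 16)   # local_address is HEXIP:HEXPORT
        found.add((port, int(fields[7])))             # field 7 is the owning uid
    return sorted(found)

def audit(text, important):
    """important maps port -> expected owner uid (hypothetical policy input)."""
    findings = []
    seen = dict(listeners(text))
    for port, expected_uid in sorted(important.items()):
        if port >= UNPRIVILEGED_START:
            # Any local user may bind this port if the real service is not holding it.
            findings.append((port, "bindable-without-root"))
        if port not in seen:
            findings.append((port, "not-listening"))
        elif seen[port] != expected_uid:
            findings.append((port, "unexpected-owner"))
    return findings

if __name__ == "__main__":
    # Hypothetical policy: sshd expected on 22 and 2222, both owned by uid 0.
    for port, issue in audit(SAMPLE, {22: 0, 2222: 0}):
        print(port, issue)
```

On a live host the same functions can be fed the contents of `/proc/net/tcp` instead of the constructed sample.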