You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was going through the code and stumbled over the complex mechanism of intercepting TCP packages via pcap, reassembling them in the ring buffer and then searching through them.
Why is it not possible to simply take the command from the payload of the malformed TCP package (the one with the bad checksum), that triggers the rootkit in the first place?
The text was updated successfully, but these errors were encountered:
I was going through the code and stumbled over the complex mechanism of intercepting TCP packages via pcap, reassembling them in the ring buffer and then searching through them.
Why is it not possible to simply take the command from the payload of the malformed TCP package (the one with the bad checksum), that triggers the rootkit in the first place?
The text was updated successfully, but these errors were encountered: