:But it might be hiding a real security threat/attack or a real breakin.
:Say I've spent all night trying to hack into your machine and finally get in.
:If I can reset all of ipfw's counters back to zero, and this is
:something your security checking scripts are checking, you might not
:think that anyone has even been trying to break into your machine, much
:less made it into the machine. If I have some inside information,
:I could probably even get the counters back into the range where you
:might expect them to be at.
:
:Hopefully if this were to happen, you might see some other console/syslog
:messages or something else that catches your eye, but then again,
:maybe not.
:
:Just to help out people running at higher security levels, you could
:always implement something that lets you reset the values to some
:...
:Mike Pritchard
I find this scenario highly unlikely. I can think of a thousand things.
Well, a dozen anyway, that said hacker could do to the machine that are
far more serious then clearing ipfw counters. And for that reason, I
don't really consider it a realistic scenario. The hacker isn't going to
give a damn about the ipfw counters.
-Matt
Matthew Dillon
<dil...@backplane.com>
To Unsubscribe: send mail to majord...@freebsd.org
with "unsubscribe freebsd-hackers" in the body of the message
