On 11 May 2006, at 1:56 AM, [EMAIL PROTECTED] wrote:
--On May 10, 2006 6:22:11 PM -0700 Mark Jayson Alvarez
<[EMAIL PROTECTED]> wrote:
Because if the machine has been compromised, it doesn't *matter*
what the outgoing ruleset is. Or what anything else is, for that
matter.
What if you're not in, but you can initiate an outgoing connection?
From a buggy PHP script on a web server for example?
If I hack your box, one of the first things I'm going to do is
install a rootkit. Then I'm going to wipe the logs of any evidence
of my entry (but leave them intact otherwise), clean my tracks from
the shell history file and remove any other evidence of my
presence. "Bypassing" your firewall rules is the least of my worries.
Paul Schmehl ([EMAIL PROTECTED])
Adjunct Information Security Officer
The University of Texas at Dallas
http://www.utdallas.edu/ir/security/
_______________________________________________
freebsd-questions@freebsd.org mailing list