Re: Function prologue and epilogue.

2006-08-04 Thread Stef K

Hi,
 your code seems fine. There are no OpenBSD-specific conventions
you need to take into account, so you don't need to find specific
OpenBSD assembly tutorials (at least not for this issue).
 Since when you remove function prologue/epilogue, your program
is ok, then I guess you mess with the ebp register inside your
function's body. In any case, can you send some more of your
code, so that one can check it out? This code you sent is perfectly
valid, though.

regards,
Stef



Re: Alternative superuser aside from root

2006-08-08 Thread Stef K

Hi,
 It is possible to rename your root account... You have to change
its name in /etc/passwd and maybe change its home directory.

 BUT:

a) some programs may not work properly 'cause they depend on the name
of the super-user account (I can't remember any example right now,
but I'm sure some exist...)

b) This is NOT a security enhancement... The superuser is not
understood by the system by its name, but by its user-id. The
superuser is the account with user-id 0 (zero). When a hacker exploits
a known buffer overflow, what the code does is (try to) change its
user-id to 0. You won't achieve anything by renaming the account...
The quest of a hacker is not towards 'root' account, but towards
user-id zero.

regards,
stef
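
The point made in the message above, that superuser status follows user-id 0 and not the login name, can be checked by listing every UID-0 entry in a passwd(5)-format file regardless of what it is called. This is an added example, not part of the original message; the function names and the sample entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: find accounts with superuser rights by numeric UID,
# not by name. Input is passwd(5) format on stdin
# (name:password:uid:gid:gecos:home:shell).

# uid0_accounts: print the login name of every entry whose UID is 0.
uid0_accounts() {
    awk -F: '
        /^[ \t]*#/ || NF < 7 { next }   # skip comments and short (invalid) lines
        # Require an all-digit UID and compare numerically, so "00" counts as 0.
        $3 ~ /^[0-9]+$/ && $3 + 0 == 0 { print $1 }
    '
}

# uid0_except NAME: from a list of logins on stdin, drop the one UID-0
# account the administrator expects and print whatever is left.
uid0_except() {
    awk -v keep="$1" '$0 != keep'
}

# Constructed sample, not a real system file: root has been renamed to
# "admin" as the message describes, and a second UID-0 entry exists.
sample_passwd() {
    cat <<'EOF'
# constructed sample
admin:*:0:0:renamed superuser:/root:/bin/ksh
daemon:*:1:1:system daemon:/root:/sbin/nologin
toor:*:00:0:second superuser:/root:/bin/sh
stef:*:1000:1000:ordinary user:/home/stef:/bin/ksh
broken:*:0
EOF
}

echo "UID-0 accounts in the sample:"
sample_passwd | uid0_accounts

echo "UID-0 accounts other than the expected 'admin':"
sample_passwd | uid0_accounts | uid0_except admin
```

On a live system the same functions can be fed the real file, for example `uid0_accounts < /etc/passwd`.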



Re: IDS solution

2006-03-22 Thread Stef K
On 22/03/06, edgarz <[EMAIL PROTECTED]> wrote:
> Reyk Floeter wrote:
> > hi,
> >
> > On Tue, Mar 21, 2006 at 02:50:35PM -0300, Hutger H. wrote:
> >
> >>I've been looking for a consolidated IDS solution that I can deploy in
> >>my network. Snort is really a good option but currently it seems that
> >>they are charging for updates, is that true? I'd like to find out a free
> >>of charge Linux, or BSD, solution that can work as well as snort works
> >>and, rather with some successful deployment cases.
> >>
> >
> >
> > an alternative approach to snort is bro, which uses a bsd-style license.
> >
> >   http://www.bsd-ids.org/
> Are you sure about it? Domain not found.
>
> >
> > the c++ code is a bit ugly, but the system is very powerful, supports
> > snort rules and is also supported by most of the hybrid IDS frameworks
> > (like prelude-ids). bro claims that their own context-based rule
> > language is even more powerful than the snort stuff.
> >
> > reyk
>
>

No, the link is http://www.bro-ids.org/