> Is there any landscape in which you may want to allow direct root login to
> your host?
I allow it to my firewall, since there isn't any other account on there. But
then again, that system only listens to my internal interfaces. So, not
typical maybe?
--
To UNSUBSCRIBE, email to [EMAIL P
> I'm looking for something like this:
How about installing shorewall? (www.shorewall.net) The best iptables script I
have ever seen.
> Am I just being paranoid, or is this sort of compromise
> really possible?
And also: If the IDS "was there first" it would trigger on the modified
kernel/module/library (or whatever) since it has to differ between the last
check _before_ the infection and the first check _after_ infection.
N
> I've heard of, but not confirmed the existence of, a root kit that is
> not detected by Tripwire and other intrusion detection software. It
> does this by keeping a backup of the original utility (e.g. ls, ps, etc.)
> and then provides either its own utility or the original depending on
> how
> How to protect against rootkits?
Keep your system up to date, do not run unreliable software, do not give
accounts to people you do not trust.
> Is it some kind of trojan which is working
> with root privileges?
Basically, yes. It is typically a "kit" you drop on the system via a remote
r
>Telnet suckz badly.
How do you know it was exploited via telnetd? I can think of a lot of services
more readily exploitable than telnet.