[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

AW: [Full-Disclosure] How to easily bypass a firewall...

To: avalon@caligula.anu.edu.au, pauls@utdallas.edu
Subject: AW: [Full-Disclosure] How to easily bypass a firewall...
From: vogt@hansenet.com
Date: Tue, 5 Aug 2003 15:26:10 +0200

> Whereas if they were using, say, NetBSD with IPFilter and turned
> the securelevel to be >= 2, you cannot turn off or otherwise change
> ipf's configuration without a reboot.
> 
> Of course this then leads back to the problem of having all the
> requisite bootup files immutable to prevent trojan'ing and that
> can make things harder to administer than it is worth the effort.

Actually, the main effect is that you NOTICE. Usually, you monitor
your systems, and a reboot will show up, which will cause you to
take a look.
Which raises the bar for the attacker from "not being noticed by
the OS" to "not being noticed by the admin looking for something
that's wrong".


Tom

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: [Full-Disclosure] [SECURITY] [DSA-358-2] New kernel packages fix potential "oops"
Next by Date: Re: [Full-Disclosure] (no subject)
Prev by thread: [Full-Disclosure] [SECURITY] [DSA-358-2] New kernel packages fix potential "oops"
Next by thread: [Full-Disclosure] Local Vulnerability in IBM DB2 7.1 db2job binary
Index(es):
- Date
- Thread