Re: [linux-security] Re: Re: Re: Bind Overrun Bug and Linux (fwd)
- From: Jon Lewis <jlewis inorganic5 fdt net>
- To: linux-security redhat com
- Subject: Re: [linux-security] Re: Re: Re: Bind Overrun Bug and Linux (fwd)
- Date: Sat, 23 May 1998 19:21:23 -0400 (EDT)
On Sat, 23 May 1998, Shaun wrote:
> -make some sort of script that monitors the kernel and reports
> if it is forced into promiscuous mode.
Actually, on other lists, people have posted saying they've hacked the
kernel to make the kernel panic when an ethernet device goes into
promiscuous mode. Kind of like the James Bond theft-proof Lotus, but it
will definitely set off the alarms if you're hacked and they start up a
sniffer that puts eth0 in promiscuous mode.
> -know WHO is on your system, and measure out the pros and cons
> in giving out shell accounts
As an ISP, we used to give shell to all clients...but since most clients
signing up today don't know what telnet is, we no longer give them shell
access unless they ask for it. Many times, an intruder will get in after
somehow sniffing a client's password from another network or social
engineering. If the account they compromise doesn't have shell, it will
at least slow them down if not seriously limit the damage they can do.
> -compile your kernel to not support on-demand loadable modules
Hmm...I could try reading the source...but isn't this a job for
securelevel? Does the kernel currently support, via securelevel,
prevention of module loading? It would be nice if you could load modules,
then bump up securelevel, and no longer be able to. Some things can't be
linked into the kernel.
[mod: Securelevel is not properly enforced in 2.0.33. The word
securelevel doesn't occur anywhere in the 2.1.102 kernel. -- REW]
> network integrity as they only use publicly available exploits. And if
> the person that is hacking you does not use rootsh3ll warez, expect to
> never get rid of him without rm -rf /'ing your whole system.
If you're lucky and have a non-hacked backup, you can restore to alternate
disks, and then compare file by file.
------------------------------------------------------------------
Jon Lewis <jlewis fdt net> | Spammers will be winnuked or
Network Administrator | drawn and quartered...whichever
Florida Digital Turnpike | is more convenient.
______http://inorganic5.fdt.net/~jlewis/pgp for PGP public key____
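
The first suggestion in the thread, a script that reports when an interface has been put into promiscuous mode, sketched as an added example that is not part of the original message. It assumes a current Linux kernel that publishes interface flags in hex under /sys/class/net/<iface>/flags (sysfs did not exist in the 2.0/2.1 kernels discussed here); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: list network interfaces whose IFF_PROMISC flag is set.
# Assumption: Linux with sysfs, flags published as hex in
# <net_dir>/<iface>/flags (e.g. 0x1103).

IFF_PROMISC=256   # 0x100 in <linux/if.h>

# promisc_ifaces [NET_DIR]: print one name per promiscuous interface.
# NET_DIR defaults to /sys/class/net; overridable for testing.
promisc_ifaces() {
    net_dir=${1:-/sys/class/net}
    for path in "$net_dir"/*; do
        [ -r "$path/flags" ] || continue
        flags=$(cat "$path/flags" 2>/dev/null) || continue
        hex=${flags#0x}
        # Accept only "0x" followed by hex digits before doing arithmetic.
        [ "$hex" != "$flags" ] || continue
        case $hex in
            ''|*[!0-9a-fA-F]*) continue ;;
        esac
        if [ $(( $flags & $IFF_PROMISC )) -ne 0 ]; then
            printf '%s\n' "${path##*/}"
        fi
    done
}

# alert_promisc [NET_DIR]: print an alert per promiscuous interface.
# Returns 1 if any were found, 0 otherwise, so cron or a wrapper can act on it.
alert_promisc() {
    found=$(promisc_ifaces "$1")
    if [ -z "$found" ]; then
        return 0
    fi
    for iface in $found; do
        printf 'ALERT: %s is in promiscuous mode\n' "$iface"
    done
    return 1
}

# One pass over the live system; run it periodically (cron) to monitor.
alert_promisc /sys/class/net || true
```

Because an intruder with root can alter the script or the files it reads, forward the alert to a separate log host rather than relying on local output alone.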