Bugtraq mailing list archives

Re: snooper watchers


From: avalon () coombs anu edu au (Darren Reed)
Date: Sun, 26 Feb 1995 12:27:30 +1100 (EDT)


[...]
Btw an easier attack is to just modify the script that regularly runs
tripwire, usually run from cron.

You really need to do a separation of the checkee from the checkor.
If someone has root access on the machine, they could basically do anything
that is needed to cover their tracks.

This is why manual checks should still be done, but this is not why
automatic checking should be given up.

                                     Tim N.

Something I was thinking of, what if you have two hosts, which don't
trust each other in any way, set them up to use a network filesystem
of sorts and run tripwire on the "other" host.  So for host A, tripwire
would run on host B and for host B, tripwire would run on host A.

darren
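
A minimal sketch of the cross-host arrangement suggested above, as an added example (not part of the original message, and not Tripwire itself): it runs on the checking host against the other host's tree as mounted there, and refuses a baseline stored inside the checked tree. The function names, the JSON baseline format and the directory names are assumptions.

```python
import hashlib
import json
import os
import stat
from pathlib import Path

def snapshot(root):
    """Map every regular file under root to [sha256, permission bits]."""
    root = Path(root)
    files = {}
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            path = Path(dirpath) / name
            st = path.lstat()
            if not stat.S_ISREG(st.st_mode):
                continue  # symlinks, devices and sockets are not hashed
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            files[path.relative_to(root).as_posix()] = [digest, stat.S_IMODE(st.st_mode)]
    return files

def _outside(baseline_file, checked_root):
    """Refuse a baseline stored where the checked host could rewrite it."""
    baseline_file, checked_root = Path(baseline_file).resolve(), Path(checked_root).resolve()
    if checked_root == baseline_file or checked_root in baseline_file.parents:
        raise ValueError("baseline must live on the checking host")
    return baseline_file

def write_baseline(checked_root, baseline_file):
    _outside(baseline_file, checked_root).write_text(json.dumps(snapshot(checked_root)))

def check(checked_root, baseline_file):  # returns what differs from the baseline
    baseline = json.loads(_outside(baseline_file, checked_root).read_text())
    current = snapshot(checked_root)
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "changed": sorted(p for p in baseline.keys() & current.keys()
                          if baseline[p] != current[p]),
    }

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:  # constructed stand-ins for the two hosts
        host_a, host_b = Path(tmp, "hostA_export"), Path(tmp, "hostB_private")
        host_a.mkdir(); host_b.mkdir()
        (host_a / "login").write_text("original")
        write_baseline(host_a, host_b / "hostA.json")
        (host_a / "login").write_text("trojaned")
        print(check(host_a, host_b / "hostA.json"))
```

Mount the export read-only on the checking host and schedule the check from that host's cron, so neither the baseline nor the script that runs the check is writable from the host being checked.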


