IDS mailing list archives
RE: can tripwire be used for sensor integrity???
From: "Rob Shein" <shoten () starpower net>
Date: Tue, 3 Feb 2004 11:26:38 -0500
Keep one thing in mind; tripwire does not detect LKM trojans or tampering. There are tools to deal with this; fnord was the first, I believe, but may be too narrowly-designed for mass consumption, if I correctly remember what the creators said at BlackHats '01. Still, they clearly delineate the nature of kernel integrity protection. http://www.synacklabs.net/projects/fnord/
-----Original Message-----
From: Gaurav_Jindal [mailto:gaurav_jindal () da-iict org]
Sent: Sunday, February 01, 2004 11:28 AM
To: focus-ids () securityfocus com
Subject: can tripwire be used for sensor integrity???

I got to know that tripwire could work to find out the integrity; can it be used for integrity of sensors? As what I read from tripwire, Tripwire creates a 'secure' (normally kept on a read-only disk/diskette along w/ the tripwire executable) database of file and directory attributes (including, if you want, complex MD5 and snefru signatures) which then can be used to compare against to see if a file or directory has changed somehow. If a cracker has broken in and replaced your /bin/date file w/ a trojan horse version, tripwire will let you know.

Do let me know if someone has used some kind of stuff like this for ids sensors to find attack in distributed environment?

Thanking you,
With Regards,
Gaurav Jindal