Full Disclosure mailing list archives
AW: How to easily bypass a firewall...
From: vogt () hansenet com
Date: Tue, 5 Aug 2003 15:26:10 +0200
Whereas if they were using, say, NetBSD with IPFilter and turned the securelevel to be >= 2, you cannot turn off or otherwise change ipf's configuration without a reboot. Of course this then leads back to the problem of having all the requisite bootup files immutable to prevent trojan'ing and that can make things harder to administer than it is worth the effort.
Actually, the main effect is that you NOTICE. Usually, you monitor your systems, and a reboot will show up, which will cause you to take a look. Which raises the bar for the attacker from "not being noticed by the OS" to "not being noticed by the admin looking for something that's wrong". Tom _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- AW: How to easily bypass a firewall... vogt (Aug 05)