Security Incidents mailing list archives
Re: Bind8 exploit and a deleted partition map
From: Luciano Miguel Ferreira Rocha <strange () nsk yi org>
Date: Tue, 13 Feb 2001 17:52:43 -0500
On Mon, Feb 12, 2001 at 04:12:10PM -0800, Matteo,Marc A. wrote:
Hi all,

So my question is, what're the odds that the hard drive was hosed by a booby trap rather than really bad luck? If it was a parting gift from an attacker, what are the methods used to leave that sort of thing as a trap on shutdown/reboot (so it can be avoided in the future)?
If you do a dd if=/dev/zero of=/dev/hda bs=512 count=1 (for DOS-like partitions and for IDE drives), you'll end up without a partition table. However, as the operating system has already booted up, destroying the partition table doesn't affect the OS in any way (the partition table is scanned on boot, not on demand).

If you want to make sure that a partition table does exist before rebooting a machine, do a fdisk -l. If no partition table is found, reconstruct it with the information contained in /proc/partitions and dmesg. (Alas, that information may not be sufficient, and the /proc file and fdisk are Linux specific; I don't know if they work that way in other OSes.)

Anyway, a list of the partitions of the system, as reported by fdisk, on paper, is quite useful when the system crashes and a reinstallation is needed, or when the partition table gets destroyed.

hugs
Luciano Rocha
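Added example, not part of the original message: a read-only pre-reboot check for the situation described above, where the kernel still holds partitions in memory but sector 0 on disk no longer carries a DOS partition table. The function names are hypothetical, and it assumes a DOS (MBR) table and the Linux /proc/partitions layout.

```shell
#!/bin/sh
# Added example: read-only check of a DOS (MBR) partition table before reboot.
# Function names are hypothetical. Nothing here writes to the device.

# mbr_status DEVICE_OR_IMAGE -> prints ok | no-signature | empty-table
mbr_status() {
    # Bytes 510-511 of sector 0 hold the boot signature 55 aa.
    sig=$(dd if="$1" bs=1 skip=510 count=2 2>/dev/null |
          od -An -tx1 | tr -d ' \n')
    # Bytes 446-509 hold the four 16-byte primary partition entries.
    # Deleting spaces, newlines and zeros leaves nothing if all are zeroed.
    entries=$(dd if="$1" bs=1 skip=446 count=64 2>/dev/null |
              od -An -v -tx1 | tr -d ' \n0')
    if [ "$sig" != "55aa" ]; then
        echo no-signature
    elif [ -z "$entries" ]; then
        echo empty-table
    else
        echo ok
    fi
}

# kernel_part_count NAME [PROCFILE] -> partitions the running kernel knows,
# e.g. hda1 and hda2 for NAME=hda (4th column of /proc/partitions).
kernel_part_count() {
    awk -v d="$1" '$4 ~ ("^" d "[0-9]+$") { n++ } END { print n + 0 }' \
        "${2:-/proc/partitions}"
}

# pre_reboot_check DEVICE NAME [PROCFILE]
# Returns 1 when the kernel still sees partitions but the on-disk table is
# missing: the machine runs normally now and will not find them after reboot.
pre_reboot_check() {
    status=$(mbr_status "$1")
    inmem=$(kernel_part_count "$2" "${3:-/proc/partitions}")
    if [ "$status" != ok ] && [ "$inmem" -gt 0 ]; then
        echo "WARNING: kernel sees $inmem partition(s) on $2," \
             "on-disk table is $status; rebuild it before rebooting" >&2
        return 1
    fi
    echo "$2: on-disk table $status, kernel sees $inmem partition(s)"
}

# Usage (as root): sh thisfile /dev/hda hda
if [ "$#" -ge 2 ]; then
    pre_reboot_check "$@"
fi
```

A warning from this check means the partition list still has to be recovered from /proc/partitions and dmesg while the machine is up, as the message describes.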