Security Incidents mailing list archives
Re: More rootkit defense
From: Phil Stracchino <alaric () BABCOM COM>
Date: Wed, 28 Mar 2001 15:48:41 -0800
On Wed, Mar 28, 2001 at 06:15:56PM -0500, gabriel rosenkoetter wrote:
> On Tue, Mar 27, 2001 at 10:23:35AM -0800, Phil Stracchino wrote:
> > True, but why not exploit their weaknesses while they're available?
>
> There's always the cockroach/virus principle. Teach them about chattr (especially with a script that does the work for you... hrm, doesn't that sound familiar?), and it'll be accounted for next time around. I don't see why any of this is a substitute to upgrading your name servers to a safe version of BIND, running it as an unprivileged user, and chroot'ing it.
Oh, I never for one second suggested that it was; merely that it was a simple additional precaution that the skript-kiddies appear to have overlooked for now. If a simple additional precaution against automated compromise is available, not using it merely because it's not in itself foolproof and might become ineffective in the future is shortsighted and foolish. That's like not bothering to lock the door of your house when you go away on vacation because a burglar might conceivably pick the lock, or not getting a tetanus booster because it won't protect you against hepatitis.
> Suggesting you can't afford the outage to upgrade to BIND9 is ridiculous considering the outage that rebuilding a machine causes.
Is BIND9 stable yet? Last time I looked (which was only a few weeks ago), the cautions on the ISC site gave me the strong impression that it was considered to be still in beta, supported only a subset of BIND8 functionality, and in general was not recommended for use on production systems.
--
Linux Now! ..........Because friends don't let friends use Microsoft.
phil stracchino -- the renaissance man -- mystic zen biker geek
Vr00m: 2000 Honda CBR929RR -- Cage: 2000 Dodge Intrepid R/T
Previous vr00mage: 1986 VF500F (sold), 1991 VFR750F3 (foully murdered)