Security Incidents mailing list archives
Re: Openbsd 3.2 wtmp delay and named backdoor
From: Jose Nazario <jose () monkey org>
Date: Mon, 20 Jan 2003 21:17:06 -0500 (EST)
the wtmp delay appears to be caused by dns lookups. some testing at home produced the same delay, looking at the traffic showed it was trying to resolve an internal hostname.

i agree with eric that the named syslog mechanism could go with a healthy dose of paranoia and use a non-root syslog user.

note that syslogd can be systraced quite nicely, as well.

___________________________
jose nazario, ph.d. jose () monkey org
http://www.monkey.org/~jose/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Current thread:
- Openbsd 3.2 wtmp delay and named backdoor Eric Weaver (Jan 19)
- Message not available
- Re: Openbsd 3.2 wtmp delay and named backdoor Jose Nazario (Jan 23)
- Message not available
- Re: Openbsd 3.2 wtmp delay and named backdoor Valdis . Kletnieks (Jan 23)