Security Incidents mailing list archives

Re: Openbsd 3.2 wtmp delay and named backdoor


From: Jose Nazario <jose () monkey org>
Date: Mon, 20 Jan 2003 21:17:06 -0500 (EST)

the wtmp delay appears to be caused by dns lookups. some testing at home
produced the same delay, looking at the traffic showed it was trying to
resolve an internal hostname.

i agree with eric that the named syslog mechanism could go with a healthy
dose of paranoia and use a non-root syslog user. note that syslogd can be
systraced quite nicely, as well.

___________________________
jose nazario, ph.d.                     jose () monkey org
                                        http://www.monkey.org/~jose/
