Snort mailing list archives
RE: SNORT (Linux) / MySQL (Win32)
From: "robert schwartz" <robert () mrsquirrel com>
Date: Thu, 12 Feb 2004 11:54:54 -0800
Second, please tell me you don't have a compiler on the firewall! If you do, remove it. A firewall should be just a firewall, and having a compiler on it opens up all kinds of Evil Things should the box ever be compromised. The theory is that an Evil Cracker can download and compile all sorts of
Including downloading a compiler and compiling anything they want, or compiling binaries on any machine in the world and downloading them. Or just using RPM's they downloaded. If they can download then they can download things like compilers and pre-compiled binaries and even RPM packages to install compilers. The real trick is to keep them from having unrestricted Read Write Execute permissions and a shell in the first place. Deleting GCC from your distro won't help with that! If someone has evidence of an incident where a compiler was used to subvert a firewall, and not just used after the compromise, please correct me. And no if you didn't set permissions correctly on your multi-user machine and a user exploited your own admin error, it doesn't count. ------------------------------------------------------- SF.Net is sponsored by: Speed Start Your Linux Apps Now. Build and deploy apps & Web services for Linux with a free DVD software kit from IBM. Click Now! http://ads.osdn.com/?ad_id=1356&alloc_id=3438&op=click _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- SNORT (Linux) / MySQL (Win32) MVIBE (Feb 09)
- <Possible follow-ups>
- Re: SNORT (Linux) / MySQL (Win32) JP Vossen (Feb 09)
- RE: SNORT (Linux) / MySQL (Win32) Michael Steele (Feb 10)
- Re: SNORT (Linux) / MySQL (Win32) MVIBE (Feb 10)
- RE: SNORT (Linux) / MySQL (Win32) Fred McFeeters (Feb 11)
- Re: SNORT (Linux) / MySQL (Win32) M. Salman Farisi (Feb 10)
- Re: SNORT (Linux) / MySQL (Win32) JP Vossen (Feb 12)
- Re: SNORT (Linux) / MySQL (Win32) AJ Butcher, Information Systems and Computing (Mar 25)
- RE: SNORT (Linux) / MySQL (Win32) robert schwartz (Feb 12)
- RE: SNORT (Linux) / MySQL (Win32) AJ Butcher, Information Systems and Computing (Mar 25)
- Re: SNORT (Linux) / MySQL (Win32) JP Vossen (Feb 11)