Re: Preventing exploitation with rebasing

[Brian Hatch <bugtraq () ifokr org>]

> With all the respect... I think your ideea is a BAD one ! Why ? Well... 
> It might be verry efective if one to... mhm... 100 persons would aply 
> this technique. That's because hackers/worms wouldn't mind loosing a few 
> servers if they got the rest of the world. But if this technique would 
> became a standard then the worm-industry (if there is such a thing) 
> would also evolve... making it brute-force the addreses. I admit that 
> brute-forcing would slow down the worm/hacker/whatever... but this is no 
> way of looking at the security. This is like protecting a house/store by 
> putting 15 doors that all could be easily broken... Of course there is a 
> chance that a thief trying to break in would get bored breaking door 
> after door... but if he's really determined... Well... I guess I made my 
> point.

I fail to see how adding security that doesn't have a performance
or stability cost is ever a bad thing.

No one is suggesting that the security community *rely* on this
technique for security.  It is an additional layer - the classic
'denfense in depth' that we are constantly touting.

People keep saying "but it won't stop everything", and that's true.
But since when have we turned down a security procedure that is
not a silver bullet against all evils?  I'd love to make it harder
for worms to attack my systems.  I'd love for them to take longer
to break into the machines down the hall.  That means things will
spread slower, and we can stop the damage quicker.  Why is this bad?

> Rebasing might be usefull up to some point. But it contains a "mental" 
> vulnerability. If one would apply this technique he would probably think 
> he is safe and neglect updating his security.

David has not suggested that this is a solution.   And any administrator
who has such a "mental" vulnerability probably has several other
non-rebasing related vulnerabilities on their servers anyway.  They
probably think that a firewall stops all attacks, so wouldn't bother
rebasing in the first place.  This is not a satisfying argument against
rebasing.

If rebasing causes a problem with performance, stability or the
ability to apply security-related patechs, that's a good argument
against it for that envoronment.  It may even be application-specific,
and I have no knowledge of how well you can perform it on Windows
boxen.  But I don't see any reason that you shouldn't if it can be
done right.

More layers of security are good...  additional layers of security
are good...  additional layers of security are good...



--
Brian Hatch                  Microbiology Lab:
   Systems and                Staph Only!
   Security Engineer
www.hackinglinuxexposed.com

Every message PGP signed

Attachment: _bin
Description: