Bugtraq mailing list archives
Re: Preventing exploitation with rebasing
From: Brian Hatch <bugtraq () ifokr org>
Date: Tue, 4 Feb 2003 12:08:48 -0800
> With all the respect... I think your idea is a BAD one ! Why ? Well... It might be very effective if one to... mhm... 100 persons would apply this technique. That's because hackers/worms wouldn't mind losing a few servers if they got the rest of the world. But if this technique would become a standard then the worm-industry (if there is such a thing) would also evolve... making it brute-force the addresses. I admit that brute-forcing would slow down the worm/hacker/whatever... but this is no way of looking at the security. This is like protecting a house/store by putting 15 doors that all could be easily broken... Of course there is a chance that a thief trying to break in would get bored breaking door after door... but if he's really determined... Well... I guess I made my point.
I fail to see how adding security that doesn't have a performance or stability cost is ever a bad thing. No one is suggesting that the security community *rely* on this technique for security. It is an additional layer - the classic 'defense in depth' that we are constantly touting. People keep saying "but it won't stop everything", and that's true. But since when have we turned down a security procedure that is not a silver bullet against all evils? I'd love to make it harder for worms to attack my systems. I'd love for them to take longer to break into the machines down the hall. That means things will spread slower, and we can stop the damage quicker. Why is this bad?
> Rebasing might be useful up to some point. But it contains a "mental" vulnerability. If one would apply this technique he would probably think he is safe and neglect updating his security.
David has not suggested that this is a solution. And any administrator who has such a "mental" vulnerability probably has several other non-rebasing related vulnerabilities on their servers anyway. They probably think that a firewall stops all attacks, so wouldn't bother rebasing in the first place. This is not a satisfying argument against rebasing.

If rebasing causes a problem with performance, stability or the ability to apply security-related patches, that's a good argument against it for that environment. It may even be application-specific, and I have no knowledge of how well you can perform it on Windows boxen. But I don't see any reason that you shouldn't if it can be done right.

More layers of security are good... additional layers of security are good... additional layers of security are good...

--
Brian Hatch                  Microbiology Lab:
   Systems and                Staph Only!
   Security Engineer
www.hackinglinuxexposed.com

Every message PGP signed