RE: Vulnerability Response (was: BGP TCP RST Attacks)

["Paul D. Robertson" <paul () compuwar net>]

On Tue, 1 Jun 2004, R. DuFresne wrote:

> > Strategically, I want to deal with it the right way- either removing the
> > dependence on RPC (hey, all my Linux systems don't need network-based RPC
> > anymore) or by getting the developers to give me better separation- MS is
> > actually starting to do that with
> > whatever-the-heck-the-next-bug-cluster-is-called.
>
> I do recall not long ago, some of these very same folks trying to work out
> how to do the same with SUN systems and RPC, which was then, a near
> nightmare iwth SUN's dependance or wish to depend upon RPC for many of
> it's services.  One might have thought that would have been a clue for the
> redmond crowd to hook into by now?!

I did a kernel module once that bound daemon sockets to loopback, worked
great for RPC services- but Sun's compiler hated me, so I ended up punting
and doing the POC on Linux (this was before GCC was 64-bit clean on
Sparc.)

Logic went something like "if there's no controlling TTY, and you're
trying to bind to if_any, then force the address for the call to loopback."
I eventually added parent process checking- it was a fun little hack-
unfortunately it only worked for things which went through the syscall
table- guess what- in-kernel network filesystems on Linux don't. *sigh*

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
paul () compuwar net       which may have no basis whatsoever in fact."
probertson () trusecure com Director of Risk Assessment TruSecure Corporation
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards