AW: How to easily bypass a firewall...

[vogt () hansenet com]

> Whereas if they were using, say, NetBSD with IPFilter and turned
> the securelevel to be >= 2, you cannot turn off or otherwise change
> ipf's configuration without a reboot.
>
> Of course this then leads back to the problem of having all the
> requisite bootup files immutable to prevent trojan'ing and that
> can make things harder to administer than it is worth the effort.

Actually, the main effect is that you NOTICE. Usually, you monitor
your systems, and a reboot will show up, which will cause you to
take a look.
Which raises the bar for the attacker from "not being noticed by
the OS" to "not being noticed by the admin looking for something
that's wrong".


Tom

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html