Security Incidents mailing list archives
Re: More rootkit defense
From: gabriel rosenkoetter <gr () ECLIPSED NET>
Date: Wed, 28 Mar 2001 18:15:56 -0500
On Tue, Mar 27, 2001 at 10:23:35AM -0800, Phil Stracchino wrote:
True, but why not exploit their weaknesses while they're available?
There's always the cockroach/virus principle. Teach them about chattr (especially with a script that does the work for you... hrm, doesn't that sound familiar?), and it'll be accounted for next time around. I don't see why any of this is a substitute to upgrading your name servers to a safe version of BIND, running it as an unprivileged user, and chroot'ing it. It's really not hard, and it's the only way to be sure that all you'll lose if what you thought was a safe BIND is compromised is the name server itself, not access to your machine and network. Suggesting you can't afford the outtage to upgrade to BIND9 is ridiculous considering the outtage that rebuilding a machine causes. ~ g r @ eclipsed.net
Current thread:
- More rootkit defense Phil Stracchino (Mar 27)
- Message not available
- Re: More rootkit defense Phil Stracchino (Mar 27)
- Re: More rootkit defense gabriel rosenkoetter (Mar 28)
- Re: More rootkit defense Phil Stracchino (Mar 28)
- Re: More rootkit defense gabriel rosenkoetter (Mar 28)
- Re: More rootkit defense Phil Stracchino (Mar 27)
- Message not available
- Re: More rootkit defense Phil Stracchino (Mar 28)