Security Incidents mailing list archives

Re: More rootkit defense


From: gabriel rosenkoetter <gr () ECLIPSED NET>
Date: Wed, 28 Mar 2001 18:15:56 -0500

On Tue, Mar 27, 2001 at 10:23:35AM -0800, Phil Stracchino wrote:
> True, but why not exploit their weaknesses while they're available?

There's always the cockroach/virus principle.

Teach them about chattr (especially with a script that does the work
for you... hrm, doesn't that sound familiar?), and it'll be
accounted for next time around.

I don't see why any of this is a substitute for upgrading your name
servers to a safe version of BIND, running it as an unprivileged
user, and chroot'ing it. It's really not hard, and it's the only way
to be sure that all you'll lose if what you thought was a safe BIND
is compromised is the name server itself, not access to your machine
and network.

Suggesting you can't afford the outage to upgrade to BIND9 is
ridiculous considering the outage that rebuilding a machine causes.

       ~ g r @ eclipsed.net
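
The two measures recommended above (an unprivileged user and a chroot) correspond to named's -u and -t options. The following is an added example, not part of the original message, that checks a named command line for both. The function name audit_named and the sample command lines are constructed for illustration, and it assumes each option appears as its own word.

```shell
#!/bin/sh
# Added example: check a named(8) command line for -u (unprivileged user)
# and -t (chroot). Assumes options are separate words (no "-fu named").

# audit_named "<command line>"
# Prints one finding per line; exit status 0 only if both measures are set.
# The body is a subshell so positional parameters and variables stay local.
audit_named() (
    user="" jail="" privileged=0 rc=0
    set -f              # no globbing while word-splitting the command line
    set -- $1           # intentional word splitting
    if [ $# -gt 0 ]; then shift; fi      # drop the program name
    while [ $# -gt 0 ]; do
        case "$1" in
            -u)   user="${2:-}"; if [ $# -gt 1 ]; then shift; fi ;;
            -u?*) user="${1#-u}" ;;
            -t)   jail="${2:-}"; if [ $# -gt 1 ]; then shift; fi ;;
            -t?*) jail="${1#-t}" ;;
        esac
        shift
    done
    case "$user" in
        ""|root|0) echo "FAIL: runs as root (no unprivileged -u user)"
                   privileged=1; rc=1 ;;
        *)         echo "OK: drops privileges to '$user'" ;;
    esac
    case "$jail" in
        ""|/) echo "FAIL: no chroot directory given with -t"; rc=1 ;;
        *)    echo "OK: chroots to '$jail'" ;;
    esac
    # named(8) says to pair -t with -u: a root process can leave a chroot.
    if [ -n "$jail" ] && [ "$privileged" -eq 1 ]; then
        echo "WARN: chroot without dropping root does not confine named"
    fi
    exit "$rc"
)

# Constructed sample command lines, as `ps -eo args` might show them.
for cmd in \
    "/usr/sbin/named" \
    "/usr/sbin/named -t /var/named/chroot" \
    "/usr/sbin/named -u named -t /var/named/chroot -c /etc/named.conf"
do
    echo "== $cmd"
    audit_named "$cmd" || echo "-> not hardened"
done
```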

