Date: Tue, 27 Jul 1999 09:37:09 -0700 (PDT) From: Matthew Dillon <dillon@apollo.backplane.com> To: Mike Pritchard <mpp@mpp.pro-ns.net> Cc: green@FreeBSD.ORG (Brian F. Feldman), jgreco@ns.sol.net (Joe Greco), hackers@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG Subject: Re: securelevel and ipfw zero Message-ID: <199907271637.JAA54522@apollo.backplane.com> References: <199907271151.GAA02583@mpp.pro-ns.net>
next in thread | previous in thread | raw e-mail | index | archive | help
:But it might be hiding a real security threat/attack or a real breakin.
:Say I've spent all night trying to hack into your machine and finally get in.
:If I can reset all of ipfw's counters back to zero, and this is
:something your security checking scripts are checking, you might not
:think that anyone has even been trying to break into your machine, much
:less made it into the machine. If I have some inside information,
:I could probably even get the counters back into the range where you
:might expect them to be at.
:
:Hopefully if this were to happen, you might see some other console/syslog
:messages or something else that catches your eye, but then again,
:maybe not.
:
:Just to help out people running at higher security levels, you could
:always implement something that lets you reset the values to some
:...
:Mike Pritchard
I find this scenario highly unlikely. I can think of a thousand things.
Well, a dozen anyway, that said hacker could do to the machine that are
far more serious then clearing ipfw counters. And for that reason, I
don't really consider it a realistic scenario. The hacker isn't going to
give a damn about the ipfw counters.
-Matt
Matthew Dillon
<dillon@backplane.com>
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?199907271637.JAA54522>