Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Jul 1999 09:37:09 -0700 (PDT)
From:      Matthew Dillon <dillon@apollo.backplane.com>
To:        Mike Pritchard <mpp@mpp.pro-ns.net>
Cc:        green@FreeBSD.ORG (Brian F. Feldman), jgreco@ns.sol.net (Joe Greco), hackers@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject:   Re: securelevel and ipfw zero
Message-ID:  <199907271637.JAA54522@apollo.backplane.com>
References:   <199907271151.GAA02583@mpp.pro-ns.net>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
:But it might be hiding a real security threat/attack or a real breakin.  
:Say I've spent all night trying to hack into your machine and finally get in.  
:If I can reset all of ipfw's counters back to zero, and this is 
:something your security checking scripts are checking, you might not 
:think that anyone has even been trying to break into your machine, much
:less made it into the machine.  If I have some inside information, 
:I could probably even get the counters back into the range where you
:might expect them to be at.
:
:Hopefully if this were to happen, you might see some other console/syslog
:messages or something else that catches your eye, but then again,
:maybe not.
:
:Just to help out people running at higher security levels, you could
:always implement something that lets you reset the values to some
:...
:Mike Pritchard

    I find this scenario highly unlikely.  I can think of a thousand things.
    Well, a dozen anyway, that said hacker could do to the machine that are 
    far more serious then clearing ipfw counters.  And for that reason, I
    don't really consider it a realistic scenario.  The hacker isn't going to
    give a damn about the ipfw counters.

					-Matt
					Matthew Dillon 
					<dillon@backplane.com>


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ipfw" in the body of the message




Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?199907271637.JAA54522>