Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 27 Jul 1999 09:37:09 -0700 (PDT)
From:      Matthew Dillon <>
To:        Mike Pritchard <>
Cc:        green@FreeBSD.ORG (Brian F. Feldman), (Joe Greco), hackers@FreeBSD.ORG, freebsd-ipfw@FreeBSD.ORG
Subject:   Re: securelevel and ipfw zero
Message-ID:  <>
References:   <>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
:But it might be hiding a real security threat/attack or a real breakin.  
:Say I've spent all night trying to hack into your machine and finally get in.  
:If I can reset all of ipfw's counters back to zero, and this is 
:something your security checking scripts are checking, you might not 
:think that anyone has even been trying to break into your machine, much
:less made it into the machine.  If I have some inside information, 
:I could probably even get the counters back into the range where you
:might expect them to be at.
:Hopefully if this were to happen, you might see some other console/syslog
:messages or something else that catches your eye, but then again,
:maybe not.
:Just to help out people running at higher security levels, you could
:always implement something that lets you reset the values to some
:Mike Pritchard

    I find this scenario highly unlikely.  I can think of a thousand things.
    Well, a dozen anyway, that said hacker could do to the machine that are 
    far more serious then clearing ipfw counters.  And for that reason, I
    don't really consider it a realistic scenario.  The hacker isn't going to
    give a damn about the ipfw counters.

					Matthew Dillon 

To Unsubscribe: send mail to
with "unsubscribe freebsd-ipfw" in the body of the message

Want to link to this message? Use this URL: <>