RE: IDS: strings in backdoor binaries
Archive: http://msgs.securepoint.com/ids
-----------------------------------------------------------------------------
Hi - actually, Tripwire *IS* commercial software - see
http://www.tripewire.com
You might want to ask them your question (it's not clear I
understand your question.)
And spending money may give you a warm fuzzy feeling but it's
security based on obscurity.
Second, we've been hacked twice and both times the sniffer and
the backdoor daemon were placed in the directory
...
in /var/spool/lp - directories typically not checked by Tripwire
or aide because of the noise it would generate.
Detecting trojan horses is only a small part of any security policy -
and just about any *simple* minded scheme will work for gathering
digital signatures on critical system binaries provided it's implemented
in a secure manner.
-- Ken
========================================================================
Kenneth Simpson Well Connected Computing, Inc.
Email: ken@wellconnected.com 1001 Bridgeway
URL: http://wellconnected.com/ Suite 630
Voice: +1.415.332.5018 Sausalito, CA 94965
FAX: +1.415.331.1668 USA, Earth
========================================================================
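The two points in the message above, as an added example that is not part of the original post or of any tool it names: a minimal digest baseline for critical binaries, plus a metadata sweep for directories such as a print spool that are left out of hashing because their contents churn. The function names, the dot-prefix/executable heuristic and the sample tree are assumptions constructed for illustration.

```python
import hashlib
import os
import stat
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large binaries are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def baseline(paths):
    """Map each critical binary to its digest; keep the result off-host or read-only."""
    return {p: sha256_file(p) for p in paths}

def diff_baseline(old, new):
    """Return paths whose digest changed, or that appeared or disappeared."""
    return sorted(p for p in old.keys() | new.keys() if old.get(p) != new.get(p))

def sweep_noisy_dir(root):
    """Spool contents churn too much to hash, so flag entries by metadata instead."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            full = os.path.join(dirpath, name)
            mode = os.lstat(full).st_mode
            # Assumed heuristic: dot-prefixed names and executable regular files.
            if name.startswith(".") or (stat.S_ISREG(mode) and mode & 0o111):
                hits.append(os.path.relpath(full, root))
    return sorted(hits)

def demo():
    """Constructed sample tree: one stand-in system binary and one spool directory."""
    with tempfile.TemporaryDirectory() as top:
        binary, spool = Path(top, "login"), Path(top, "spool_lp")
        (spool / ".cache").mkdir(parents=True)
        binary.write_bytes(b"original")
        (spool / "job001").write_bytes(b"print job")   # ordinary spool file
        before = baseline([str(binary)])
        binary.write_bytes(b"replaced")                # simulated tampering
        tool = spool / ".cache" / "daemon"
        tool.write_bytes(b"x")
        tool.chmod(0o755)
        return diff_baseline(before, baseline([str(binary)])), sweep_noisy_dir(spool)

if __name__ == "__main__":
    print(demo())
```

The baseline is only as trustworthy as where it is stored and what computes it: a digest file or hashing tool on the monitored host can be replaced along with the binaries.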