On Tue, 14 Mar 2000, Paul B. Brown wrote:

> Hummm . . . not if you do not have the device file created and have no
> way to configure one. hehehehehe!  Like I said . . . minimal.

If you're root there's a way around NODEV since you have access to kmem.
A more interesting approach would be to modify ELF to include execution of
only signed binaries.

> > This means that loss of network connectivity to the log host is a good
> > denial of log attack.  
> 
> Only if you log using a NIC that is public.  You could use a NIC whose
> only purpose is to support the firewall.

If the log host isn't on another network, which makes getting to the logs
a pain.  Otherwise a coordinated attack could still render you logless.  

Paul
-----------------------------------------------------------------------------
Paul D. Robertson      "My statements in this message are personal opinions
[EMAIL PROTECTED]      which may have no basis whatsoever in fact."
                                                                     PSB#9280
