ok i see where you're coming from... the firewall is one way so requests won't work...
the second machine just monitors and on reboot, it logs in via ssh... so if i understand it correctly the hacker then has to subvert sshd (or if it is a serial console - then getty?) knowing specifically what to look for etc... the advantage of custom one off security solutions is that standard automated attacks don't... however it's no real defence against an expert working "by hand"... not intended to be perfect security... (there's no such thing) just intended to make it more difficult... giving more time to detect the intrusion and pull the plug / or whatever...

Sean Owen Boyle wrote:
>
> Sean O'Riordain wrote:
> >
> > perhaps if the script was on another machine the far side of a one-way
> > firewall ?
>
> Sneaky... But I'm a root-privileged hacker on the web-server, remember.
> So all I have to do is make the same request of your "pass-phrase
> server" that the web-server makes when it boots then get the pass-phrase
> from the reply.

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]