On Mon, Feb 21, 2000 at 09:14:53AM -0500, Jason Hirsch wrote:
> On Mon, 21 Feb 2000, Michael H. Warfield wrote:
> > On Sun, Feb 20, 2000 at 10:23:28PM -0800, M. Erickson wrote:
> > > where can I get more info on this rootkit and how to defend against it?
> > > some fsck is taking down a couple of my friends' boxes.
> > > /me
> > ADMROCKS is an attack against name daemons which are not up
> > to date. Like lots of other security holes, the defense is to stay
> > up to date on the RPM. There are update RPMS from RedHat for bind
> > which eliminate this problem.
> > If they are vulnerable to ADMROCKS then chances are they are
> > vulnerable to a variety of other holes. Time to camp out on the RedHat
> > errata pages and get everything up to date.
> Not to push an issue-
> Awhile back someone (with an email @redhat.com) asked in (what i thought
> was) seriousness about a 'service pack' style fix. I read this post and
> think "Wow. To think that for NT all I have to do is run 1 program and
> all the bugs are fixed". Yes, I know more is usually broken. Yes, I know
> that not all of them are fixes. Yes, I know you are going to tell me
> Linux is better than NT.
> But if my choice is downloading a service pack that will fix 'major'
> security holes and reading down a checklist of a few hundred, i'm gonna go
> for the service pack.
Why not just use autorpm then? If that's what you want to do, then
just setup autorpm to point at the updates site, run it nightly, and
configure it to automatically update all the packages you already have
installed. You don't have to paw "down a checklist of a few hundred"
and autorpm is no more likely to commit random acts of terrorism on
your system than installing a big honker service pack. You also have
the advantage that your "exposure latency" is reduced to one day or less
after the release of the RPM. If you waited for the monthly "service
pack" you could be in a world of hurt in that months time.
> My firewall is kept up to date, but the machines on the inside? Not worth
> the effort to update stuff that I may or may not use.
> So, in askance, why not have a monthly 'service pack' of files that should
> be applied to a base install, since updated ISO images aren't in
> existance?
Because a monthly service pack has no advantages and several
disadvantages over the existing setup of updates with autorpm?
> Jason Hirsch
> > > ________________________________________________________________
> > > Mike Erickson <[EMAIL PROTECTED]> http://www.fix.net/~merickson/
> > > "The world is my country and my religion is to do good."-T Paine
> > Mike
> > --
> > Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
> > (The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
> > NIC whois: MHW9 | An optimist believes we live in the best of all
> > PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
Mike
--
Michael H. Warfield | (770) 985-6132 | [EMAIL PROTECTED]
(The Mad Wizard) | (770) 331-2437 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
--
To unsubscribe: mail [EMAIL PROTECTED] with "unsubscribe"
as the Subject.
