<a href="http://g.adspeed.net/ad.php?do=clk&zid=14678&wd=728&ht=90&pair=as" target="_top"><img style="border:0px;" src="http://g.adspeed.net/ad.php?do=img&zid=14678&wd=728&ht=90&pair=as" alt="i" width="728" height="90"/></a>

Nmap Security Scanner

Docs
Security Lists

Full Disclosure

More
Security Tools

Packet crafters

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

edgeos

Honeypots: Re: sebek as a patch?

Re: sebek as a patch?

From: <Valdis.Kletnieks_at_vt.edu>
Date: Wed, 05 Oct 2005 15:18:24 -0400

On Thu, 06 Oct 2005 01:29:21 +0900, NAHieu said:

(Just a gentle reminder for the readers)...

> In sebek environment, we better disable /dev/{kmem,mem}, together with
> loading module capability. Then nobody can no longer access to kernel
> memory, no?

Barring *other* bugs/issues. One of the single most dangerous things when
doing security is confusing "all known ways of doing XYZ are blocked" with
"there is no possible way of doing XYZ".

(And another reminder for everybody - remember to trim extraneous quoted
material..)

application/pgp-signature attachment: stored

Received on Oct 05 2005

This message: [ Message body ]
Next message: Daniel J. Axtens: "Re: sebek as a patch?"
Previous message: NAHieu: "Re: sebek as a patch?"
In reply to: NAHieu: "Re: sebek as a patch?"
Next in thread: Daniel J. Axtens: "Re: sebek as a patch?"
Reply: Daniel J. Axtens: "Re: sebek as a patch?"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]

edgeos