Security Incidents: Re: yes, its t0rn again

From: Andrew Edelstein <andrew_at_PURE-CHAOS.COM>
Date: Tue, 2 Jan 2001 23:33:45 -0800

On Mon, Jan 01, 2001 at 05:19:37PM -0000, johnathan curst wrote:
> Another substantial change which I picked up on
> was while setting up a honeypot, I did the usual
> md5sum binary outputs saved onto non-writeable
> floppy, but the crontabbed script which was checking
> for any changes to the md5sum results, was unable
> to pick up on any difference even though the hacker's
> binaries replaced mine. (Any ideas?) Hence taking
> me longer to detect the compromise.

Make sure your md5sum binary is also on immutable media. It doesn't do you any
good to have known good checksums, if the binary that does the checking can be
hacked to tell you what the hacker wants it to tell you.

--
Andrew Edelstein		http://andrew.pure-chaos.com
Colonel Slade: There are 2 kinds of people in this world, Charlie. The first
group is the people that face the music; the second group are those who run
for cover. Cover is better.
				Scent of a Woman
Received on Jan 03 2001
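
The check described in the reply above, as an added example that is not part of the original message: the checksum tool and the baseline are both read from the same write-protected media, and the tool is invoked by its absolute path rather than through `PATH`. The media layout (`bin/md5sum`, `baseline.md5`) and the function name are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed, hypothetical media layout:
#   $MEDIA/bin/md5sum     checksum tool copied from a known-good system,
#                         ideally statically linked so it does not load
#                         shared libraries from the host being checked
#   $MEDIA/baseline.md5   "md5sum" output recorded with absolute paths
# Assumption: $MEDIA is write-protected and this script, along with the
# shell that interprets it, is also started from that media.

# verify_from_media MEDIA
# Prints one line per file that no longer matches the baseline.
# Returns 0 = everything matches
#         1 = at least one file changed, missing or unreadable
#         2 = tool or baseline not found on the media (nothing was checked)
verify_from_media() {
    media=$1
    tool=$media/bin/md5sum
    baseline=$media/baseline.md5

    # Never fall back to whatever "md5sum" the host's PATH would find.
    [ -x "$tool" ] && [ -r "$baseline" ] || return 2

    # Subshell: drop loader overrides inherited from the host environment
    # and force the C locale so the "OK" marker is not translated.
    report=$(
        unset LD_PRELOAD LD_LIBRARY_PATH
        LC_ALL=C "$tool" -c "$baseline" 2>/dev/null
    ) && result=0 || result=1

    # Show only the entries that did not verify.
    printf '%s\n' "$report" | grep -v ': OK$' || true
    return "$result"
}

# Typical call from cron, with the media mounted at a hypothetical /mnt/floppy:
#   verify_from_media /mnt/floppy || echo "integrity check failed" | mail root
```

Treating status 2 as a failure matters as much as status 1: a check that silently does nothing when the media is missing looks the same in cron as a clean run.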