Security Incidents: Re: yes, its t0rn again

Re: yes, its t0rn again

From: Jeff Bachtel <sebastion_at_IRELANDMAIL.COM>
Date: Thu, 4 Jan 2001 17:46:29 -0600

I'm just curious, has anyone played with the idea of having two
machines have concurrent access to a scsi drive?

I'm not even sure if it's possible in the x86 world, but on Sparcs
running Solaris, at least, you can have two different controllers
access the same drive; doing this, you could have a system constantly
monitor what was being written to the disk, without it being in
danger of being affected itself.

jeff

> One convenience for some systems is to create a mountable and bootable
> CDROM with:
> 1. The md5sums
> 2. A program for checking the md5sums. If you write one of your own
> in C or some other language that generates executable code you
> increase the difficulty of a modified kernel recognizing and
> defeating it.
> 3. A usable small complete OS for initial forensics.
>
> A modified kernel can hide modifications by trapping filesystem I/O, so
> only rebooting directly from the CDROM with the known good OS and tools
> is the only way to detect kernel modifications. Using a CDROM is just a
> convenience. It avoids disassembling the computer to take the suspect
> disks over to another known good system for analysis. It is usually
> much easier to reboot from the CDROM.
>
> If they've penetrated the boot ROM, well, you can reflash it from a
> known good copy.
>
> R Horn
>

--
Jeff Bachtel  (NOC,CIS,TAMU)    http://www.cepheid.org/~jeff
				[finger jeff_at_cepheid.org for PGP key]
Mountain Dew and doughnuts...
because breakfast is the most important meal of the day.
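The md5sum-and-checker pair from the quoted reply (items 1 and 2), as an added example that is not from anyone in this thread: it parses a baseline manifest in md5sum's own `<hex>  <path>` output format and reports each file as OK, MODIFIED or MISSING. The sample tree and manifest are constructed inline; the `root` parameter stands for the suspect disk mounted read-only after booting from the known-good media, since, as the reply notes, a check run on top of a modified kernel can be lied to.

```python
import hashlib
import os
import tempfile


def md5_of_file(path, chunk=65536):
    """Stream a file through MD5 so large binaries do not need to fit in memory."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def parse_manifest(text):
    """Parse md5sum-style lines '<32 hex>  <path>'; a leading '*' on the path (binary mode) is dropped."""
    entries = {}
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        digest, sep, path = line.partition("  ")
        if not sep or len(digest) != 32:
            raise ValueError(f"malformed manifest line: {line!r}")
        entries[path.lstrip("*")] = digest.lower()
    return entries


def verify(manifest, root):
    """Compare every baseline entry with the file under root; return {relative path: status}."""
    report = {}
    for rel, expected in manifest.items():
        full = os.path.join(root, rel)
        if not os.path.isfile(full):
            report[rel] = "MISSING"          # removed, or hidden from this view
        elif md5_of_file(full) == expected:
            report[rel] = "OK"
        else:
            report[rel] = "MODIFIED"         # content differs from the known-good baseline
    return report


def demo():
    # Constructed sample: a tiny tree plus a baseline manifest recorded before any change.
    root = tempfile.mkdtemp()
    files = {"bin/ls": b"original ls\n", "bin/ps": b"original ps\n", "etc/passwd": b"root:x:0:0\n"}
    for rel, data in files.items():
        os.makedirs(os.path.dirname(os.path.join(root, rel)), exist_ok=True)
        with open(os.path.join(root, rel), "wb") as f:
            f.write(data)
    baseline = "\n".join(f"{hashlib.md5(d).hexdigest()}  {p}" for p, d in files.items())
    baseline += "\n" + hashlib.md5(b"netstat").hexdigest() + "  bin/netstat"  # listed but absent on disk
    manifest = parse_manifest(baseline)
    with open(os.path.join(root, "bin/ps"), "wb") as f:  # overwrite one binary after the baseline
        f.write(b"replaced ps\n")
    return verify(manifest, root)
```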
Received on Jan 05 2001