Hi shimi,
> Now tell me, what bothers him (I still don't understand how will he
> connect if no services are running at all, and no terminals on the system
> at all) - but - in case that he somehow does - what bothers him just
> dumping a compiled binary and run it? :-)
> Don't tell me, you erased ch* too ;-)
Tadaaaa. :o) There you got the difference between a CD-driven firewall and
one which runs on a read-write environment like a hard disk <g>. That is
exactly the Achilles heel. You can just look at a binary in vi and then copy
and paste it to the target system if it has the same architecture.
On the other hand: When you run the OS off the CD and you got some memory to
burn, what about creating a RAMdisk and using that for the storage of
hacker-binaries?
There will always be ways to make bad things happen once someone has dodged
all the defenses and got root access. But with the proper setup you can make
that so darn difficult that it's quite a challenge. Like denying all
incoming traffic originating from the outside, or with stateful inspection
of packets, which is also quite helpful.
Professional solutions for high risk targets usually include several
firewalls which supervise and control each other. So if someone penetrates
the first, outer firewall, then the next in line will notice this and will
then shut down the compromised one. I think the freely available SINUS
adaptive firewall operates along those lines, too.
--
Mit freundlichen Grüßen / With best regards
Michael Stauber
Stauber Multimedia Design ____ Phone: +49-6081-946240
Eppsteiner Weg 9 ___ D-61267 Neu-Anspach ___ Germany
SMD.NET ___ SOLARSPEED.NET ___ FORUMWORLD.COM
_______________________________________________
cobalt-security mailing list
[EMAIL PROTECTED]
http://list.cobalt.com/mailman/listinfo/cobalt-security