> Whereas if they were using, say, NetBSD with IPFilter and turned
> the securelevel to be >= 2, you cannot turn off or otherwise change
> ipf's configuration without a reboot.
>
> Of course this then leads back to the problem of having all the
> requisite bootup files immutable to prevent trojan'ing and that
> can make things harder to administer than it is worth the effort.

Actually, the main effect is that you NOTICE. Usually, you monitor your systems, and a reboot will show up, which will cause you to take a look. Which raises the bar for the attacker from "not being noticed by the OS" to "not being noticed by the admin looking for something that's wrong".

Tom

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
