chesty was once rumoured to have said:
> On Wed, Feb 28, 2001 at 10:49:32AM +1100, Umar Goldeli wrote:
>
> Removing uname isn't going to buy me much.
> find  /proc -exec less {} \;
> /proc is bad, mmmkay.
> 
> I've never tried to run a box without proc, I might give it a go.

It won't work very well.  A lot of stuff relies on /proc.

> > > We have been advised to run ntp on the firewall so log time stamps are in
> > > sync. Another potential access point.
> > 
> > Bind ntp to a particular interface and only allow port 123 from your ntp
> > server, also turn on the funky auth features (or you could do ipsec to
> > your ntp box ;) 
> 
> You bring up a good point about ntp auth, obviously ntp will be
> filtered, but that won't stop forged packets (and unfortunately,
> neither will some of our routers (yet)). I wonder if someone could
> send bogus ntp packets and shift the time on the firewall?

This is what stateful inspection firewalls or very tight firewall
rulesets are for.  Only accept NTP replies from systems you've
queried, that way they have to compromise the time server(s) too.

C.
-- 
--==============================================--
  Crossfire      | This email was brought to you
  [EMAIL PROTECTED] | on 100% Recycled Electrons
--==============================================--
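As an added illustration of the rule Crossfire describes (not code from anyone in this thread), the following Python model tracks outbound NTP queries and admits a reply only if it comes from a queried server, arrives at the port the query left from, and echoes the query's transmit timestamp in its origin field (the "bogus packet" check an NTP client performs itself, RFC 5905). The IP addresses, port and timestamp are constructed; the packet layout is the standard 48-byte NTP header.

```python
import struct

# NTP packet layout (RFC 5905, 48 bytes, no extension fields):
# li/vn/mode, stratum, poll, precision, root delay, root dispersion,
# reference id, reference ts, origin ts, receive ts, transmit ts
NTP_FMT = "!BBBbIIIQQQQ"
NTP_LEN = struct.calcsize(NTP_FMT)  # 48 bytes
MODE_CLIENT, MODE_SERVER = 3, 4


def build_ntp(mode, origin_ts=0, transmit_ts=0, version=4):
    """Build a minimal NTP packet; timestamps are raw 64-bit NTP values."""
    li_vn_mode = (0 << 6) | (version << 3) | mode
    return struct.pack(NTP_FMT, li_vn_mode, 2, 6, -20, 0, 0, 0,
                       0, origin_ts, 0, transmit_ts)


def parse_ntp(data):
    """Return the fields a reply filter needs; reject truncated packets."""
    if len(data) < NTP_LEN:
        raise ValueError("short NTP packet")
    f = struct.unpack(NTP_FMT, data[:NTP_LEN])
    return {"mode": f[0] & 0x07, "version": (f[0] >> 3) & 0x07,
            "origin_ts": f[8], "transmit_ts": f[10]}


class NtpReplyFilter:
    """Stateful rule: admit an NTP reply only if it answers a query this host
    sent to an allowed server, from this port, and echoes our transmit ts."""

    def __init__(self, allowed_servers):
        self.allowed = set(allowed_servers)
        self.pending = {}  # (server_ip, our_port) -> transmit_ts we sent

    def outbound(self, dst_ip, src_port, payload):
        pkt = parse_ntp(payload)
        if dst_ip not in self.allowed or pkt["mode"] != MODE_CLIENT:
            return False  # policy: we only ever query the listed servers
        self.pending[(dst_ip, src_port)] = pkt["transmit_ts"]
        return True

    def inbound(self, src_ip, dst_port, payload):
        key = (src_ip, dst_port)
        expected = self.pending.get(key)
        if expected is None:
            return "drop: no matching query"
        try:
            pkt = parse_ntp(payload)
        except ValueError:
            return "drop: malformed"
        if pkt["mode"] != MODE_SERVER:
            return "drop: not a server reply"
        if pkt["origin_ts"] != expected:
            return "drop: origin timestamp does not echo our query"
        del self.pending[key]  # one reply per query; replays have no state
        return "accept"


def demo():
    """Constructed scenario: one allowed server (10.0.0.5), one outsider."""
    f = NtpReplyFilter(allowed_servers=["10.0.0.5"])
    t1 = 0xE3D3F0C000000000  # constructed 64-bit NTP transmit timestamp
    results = []
    # 1. unsolicited "reply" from an unknown host: no state, dropped
    results.append(f.inbound("192.0.2.9", 40000, build_ntp(MODE_SERVER, origin_ts=t1)))
    # 2. our own query leaves and creates state
    results.append(f.outbound("10.0.0.5", 40000, build_ntp(MODE_CLIENT, transmit_ts=t1)))
    # 3. packet with the server's source address but the wrong origin timestamp
    results.append(f.inbound("10.0.0.5", 40000, build_ntp(MODE_SERVER, origin_ts=t1 + 1)))
    # 4. genuine reply: matches state and echoes our timestamp
    results.append(f.inbound("10.0.0.5", 40000, build_ntp(MODE_SERVER, origin_ts=t1)))
    # 5. the same reply delivered again: state already consumed
    results.append(f.inbound("10.0.0.5", 40000, build_ntp(MODE_SERVER, origin_ts=t1)))
    return results


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The source-address check alone is what a tight ruleset gives you; the origin-timestamp check is why a forged packet with the server's address still fails unless the sender also saw the query, which is the sense in which an attacker "has to compromise the time server(s) too".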

-- 
SLUG - Sydney Linux User Group Mailing List - http://slug.org.au/
More Info: http://slug.org.au/lists/listinfo/slug