Subject: Re: yes, its t0rn again
From: Andrew Edelstein (andrewPURE-CHAOS.COM)
Date: Wed Jan 03 2001 - 01:33:45 CST


On Mon, Jan 01, 2001 at 05:19:37PM -0000, johnathan curst wrote:
> Another substantial change which I picked up on
> was while setting up a honeypot, I did the usual
> md5sum binary outputs saved onto non-writeable
> floppy, but the crontabbed script which was checking
> for any changes to the md5sum results was unable
> to pick up on any difference even though the hackers
> binaries replaced mine. (Any ideas?) Hence taking
> me longer to detect the compromise.

Make sure your md5sum binary is also on immutable media. It doesn't do you any
good to have known good checksums, if the binary that does the checking can be
hacked to tell you what the hacker wants it to tell you.

--
Andrew Edelstein		http://andrew.pure-chaos.com

Colonel Slade: There are 2 kinds of people in this world, Charlie. The first group is the people that face the music; the second group are those who run for cover. Cover is better. Scent of a Woman
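
The advice in the reply above, sketched as an added example that is not part of the original thread: the checksum tool and the baseline both live on the read-only media, and the check refuses to run otherwise. The function names, the `baseline.md5` file name and the `/mnt/floppy` mount point are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: run integrity checks only with a checksum tool that sits on
# read-only media next to the baseline. All names and paths are assumptions.

# mount_opts DIR [MOUNTS]: print the options of the mount that contains DIR
# (longest matching mount point wins). MOUNTS defaults to /proc/mounts.
mount_opts() {
    awk -v d="$1" '
        { mp = $2
          if (d == mp || mp == "/" || index(d, mp "/") == 1)
              if (length(mp) >= best) { best = length(mp); opts = $4 } }
        END { print opts }' "${2:-/proc/mounts}"
}

# is_readonly DIR [MOUNTS]: succeed only if that mount carries the "ro" option.
is_readonly() {
    case ",$(mount_opts "$1" "$2")," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# verify_tree MEDIA [MOUNTS]: MEDIA must hold both the md5sum binary and the
# baseline file "baseline.md5" (absolute paths, written while the host was clean).
# Returns 0 if everything matches, 1 on a mismatch, 2 if the setup is untrusted.
verify_tree() {
    media=$1
    case $media in /*) ;; *) echo "media path must be absolute" >&2; return 2 ;; esac
    is_readonly "$media" "$2" || { echo "$media is not mounted read-only" >&2; return 2; }
    [ -x "$media/md5sum" ] && [ -r "$media/baseline.md5" ] || return 2
    # Call the tool by absolute path with an empty environment, so a replaced
    # /usr/bin/md5sum or a hostile PATH / LD_PRELOAD variable cannot stand in.
    env -i "$media/md5sum" -c "$media/baseline.md5" || return 1
}

# Example call from cron, assuming the floppy is mounted at /mnt/floppy:
#   verify_tree /mnt/floppy || echo "integrity check failed"
```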