Great Circle Associates Firewalls
(November 1994)
 

Indexed By Date: [Previous] [Next] Indexed By Thread: [Previous] [Next]

Subject: Re: IP forwarding and ndd under Solaris 2.x
From: harker @ harker . com (Robert Harker)
Date: Thu, 3 Nov 94 06:06:47 PST
To: ccsis @ bath . ac . uk, curnutt @ stoner . com
Cc: firewalls @ greatcircle . com

Yes I know you don't leave adb on the firewall, I'm not a twit.
(like the mis-quote implies)

I was more curious as to what adb incantation you use on which module
and can you even do this with out buying the SunPro compiler tools

I also realize that if someone breaks in as root they can bring over a copy of
adb an undo the changes, or even replace the kernel modules with un-modified
versions (easier to do).  But this type of change would be much more likely
to be noticed (tripwire would be likely to detect it if nothing else)

But if this parameter is being set in kernel memory by the ndd program,
then if someone changes it, tools like tripwire or other checksum
detection tools would not be able to detect the change.  I guess we
will just have to run another tripwire like tool that checks all of the ndd
paramters (tripndd?) that we will have to keep on read only media

RLH

Indexed By Date Previous: Re: Firewalls built on SCO UNIX
From: prologic!sar @ uunet . uu . net
Next: Re: IPX, and packet flooding.
From: Mark Verber <verber @ parc . xerox . com>
Indexed By Thread Previous: Re: IP forwarding and ndd under Solaris 2.x
From: mulligan @ future . incog . com
Next: Re: Encrypted email
From: Brent Chapman <brent @ miles . greatcircle . com>

Google
 
Search Internet Search www.greatcircle.com