Snort mailing list archives

RE: SNORT (Linux) / MySQL (Win32)


From: "robert schwartz" <robert () mrsquirrel com>
Date: Thu, 12 Feb 2004 11:54:54 -0800


> Second, please tell me you don't have a compiler on the
> firewall!  If you do, remove it.  A firewall should be just a
> firewall, and having a compiler on it opens up all kinds of
> Evil Things should the box ever be compromised.  The theory
> is that an Evil Cracker can download and compile all sorts of

Including downloading a compiler and compiling anything they want, or
compiling binaries on any machine in the world and downloading them.  Or
just using RPMs they downloaded.  If they can download then they can
download things like compilers and pre-compiled binaries and even RPM
packages to install compilers.  The real trick is to keep them from
having unrestricted Read Write Execute permissions and a shell in the
first place.  Deleting GCC from your distro won't help with that!

If someone has evidence of an incident where a compiler was used to
subvert a firewall, and not just used after the compromise, please
correct me.  And no, if you didn't set permissions correctly on your
multi-user machine and a user exploited your own admin error, it doesn't
count.



