Re: Tripwire Probs On 7x



Begin <1%4Bj.81$Uo.11@xxxxxxxxxxxx>
On Mon, 10 Mar 2008 02:59:08 -0400, Timmy <Timmy@xxxxxxxxxxx> wrote:
[failure to trim corrected]
And there is that the OP didn't mention developers but merely
mentioned ``online'', which I took to mean hook up on the public 'net.

Hooking up 'online' is a far more hostel place than the work place
that Steve described, without tripwire those guys wouldn't know who's
doing what.

You misspelt ``hostile''. A hostel is something else entirely again. As
I also noted, if tripwire is the only thing keeping your developers in
line, then the systems management (or the general management) is failing
in other ways.

The public internet has an entirely different threat model. If you find
your developers install rootkits, you fire them and maybe sue them. It's
harder to do that with the k1dd13 who's now using your windows desktops
to spew spam around.


jpd, how do you know that your box hasn't been r00ted? Without tripwire
or its equivalents, you really can't say for sure.

There are many ways, variously effective. Please note that I never said
--and now also do not say-- that tripwire is a bad idea or should not be
used. I did point out that it is merely one option out of many and asked
why you thought you couldn't live without that one specific option.


After reading
Exploiting Software: How to Break Code (Addison-Wesley Software
Security Series) by Greg Hoglund and Gary McGraw.

I had a windows box that I wasn't using, it had windows/me. I was going
to give it to my aunt but she decided to buy a new computer. While
reading this book I decided to use this box as a test computer for
exploits while reading this book. The exploitation of buffer-overflow
SCARED THE LIVING *** OUT OF ME!! I'm thinking, it can't be that easy, I
owned that box in about 5-minutes. Toward the end of the book, they got
into rootkits. The explanation of rootkits and their comparison of
drivers were outstanding!

I don't think I trust your judgement, as it seems to be entirely based
on fears, and not so much on understanding. As I pointed out already,
FreeBSD is not windows. I think you still haven't gotten the message.

In contrast, I have seen exploits come into existence through hard work,
and have enough background to understand how they work without reading
populistic books about it.

I am not afraid to run a fresh recent FreeBSD install without firewall
on the public internet exactly because I know something about the issues
involved. This doesn't mean I don't use firewalls. On the contrary. But
I daresay I can make better judgements about why and how to use the tools
available than you've demonstrated so far.


--
j p d (at) d s b (dot) t u d e l f t (dot) n l .
This message was originally posted on Usenet in plain text.
Any other representation, additions, or changes do not have my
consent and may be a violation of international copyright law.