Re: Openbsd 3.2 wtmp delay and named backdoor

From: Jose Nazario (joseat_private)
Date: Mon Jan 20 2003 - 18:17:06 PST


    the wtmp delay appears to be caused by dns lookups. some testing at home
    produced the same delay, looking at the traffic showed it was trying to
    resolve an internal hostname.
    
    i agree with eric that the named syslog mechanism could go with a healthy
    dose of paranoia and use a non-root syslog user. note that syslogd can be
    systraced quite nicely, as well.
    
    ___________________________
    jose nazario, ph.d.			joseat_private
    					http://www.monkey.org/~jose/
    



    This archive was generated by hypermail 2b30 : Thu Jan 23 2003 - 08:56:48 PST