Known-exploit detection for the kernel
Posted Dec 19, 2013 6:14 UTC (Thu) by wahern (subscriber, #37304)
In reply to: Known-exploit detection for the kernel by PaulWay
Parent article: Known-exploit detection for the kernel
Adding any security which can be easily circumvented is no security at all. All it takes is one person to write the circumvention code and to share it.
There are people doing the thankless job of actually preemptively scanning the code for vulnerabilities and fixing them. Those guys are priceless. Why they keep doing it when all the fame and adulation goes to this kind of stuff, port knocking, and other crazy schemes.... well, I wish their commitment could spread the same way interest in these schemes does.
These schemes only work as long as they're not widely adopted. Once they're widely adopted, they get added into the kiddie scripts. Then you're left with a bunch of useless code which only adds to your attack surface.
Posted Dec 19, 2013 7:11 UTC (Thu)
by noxxi (subscriber, #4994)
Posted Dec 19, 2013 7:50 UTC (Thu)
by dlang (guest, #313)
Posted Dec 19, 2013 9:36 UTC (Thu)
by zlynx (guest, #2285)
If he can DoS the log server, it won't record anything except a pile of junk. Once he gets root he can kill -9 the log service, clean the logs and restart it.
Just another thing to watch out for.
Posted Dec 19, 2013 16:30 UTC (Thu)
by Funcan (subscriber, #44209)
Thus the log entry can be used as a canary by the admin to detect if an account might be compromised and lock it down before worse exploits will be tried.