[Snort-users] SNORT (Linux) / MySQL (Win32)

robert schwartz robert at ...5775...
Thu Feb 12 11:57:01 EST 2004


> 
> Second, please tell me you don't have a compiler on the 
> firewall!  If you do, remove it.  A firewall should be just a 
> firewall, and having a compiler on it opens up all kinds of 
> Evil Things should the box ever be compromised.  The theory 
> is that an Evil Cracker can download and compile all sorts of 

Including downloading a compiler and compiling anything they want, or
compiling binaries on any machine in the world and downloading them.  Or
just using RPMs they downloaded.  If they can download then they can
download things like compilers and pre-compiled binaries and even RPM
packages to install compilers.  The real trick is to keep them from
having unrestricted Read Write Execute permissions and a shell in the
first place.  Deleting GCC from your distro won't help with that!

If someone has evidence of an incident where a compiler was used to
subvert a firewall, and not just used after the compromise, please
correct me.  And no, if you didn't set permissions correctly on your
multi-user machine and a user exploited your own admin error, it doesn't
count.





