Date: Sun, 23 Aug 1998 17:52:56 -0700 (PDT)
From: Brian Beattie
To: Mikael Karpberg
cc: "B. Richardson", hackers@FreeBSD.ORG
Subject: Re: I want to break binary compatibility.
In-Reply-To: <199808220009.CAA05667@ocean.campus.luth.se>

This approach will do no good if the hackers can download a binary,
because they see what has been done. I thought scrambling the syscall
table was good, but it also falls to the downloaded binary, although it
is a lot harder to decipher. I was thinking you could encrypt all your
binaries and use a scheme like the compressed executables. Unfortunately
this would fall prey to the known plaintext attack. I would say that of
the ideas I have heard so far, the scrambled syscall table seems to have
the best bang for the buck.

On Sat, 22 Aug 1998, Mikael Karpberg wrote:

> According to B. Richardson:
> >
> >
> > I have a problem with some hackers that are obsessed with making my
> > ISP's life miserable (they've already hacked our SGI). I've slapped
> > together a FreeBSD box to throw their webpages on it, turned off all
> > services except http.
> >
> > The hackers have expressed intent to break into our machines at
> > any opportunity (they seem to be infuriated that we intervened and
> > were able to keep a couple of services up on our SGI).
> >
> > The hackers relentlessly attacked our machine every time we tried to
> > bring our SGI online for a 48 hour stretch, and I believe they are
> > going to try to break into our new machines with the same fervor.
> >
> > What I want to do, if possible, is build a unique system such that binaries
> > from other systems will not run on it and vice versa. Is this possible?
>
> One simple way could be to just change the "magic number" on the binaries,
> maybe, and disable all linux compat, etc?
>
>   /Mikael
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-hackers" in the body of the message
>

Brian Beattie            | If my corporate life has taught me anything,
beattie@aracnet.com      | it was that running multi-million dollar
www.aracnet.com/~beattie | projects in no way implied managerial competence.
                         | Tony Porczyk ( in comp.unix.bsd.freebsd.misc )
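
Added example, not part of the original message and not FreeBSD code: a Python demonstration of the known-plaintext weakness the reply raises for encrypted binaries, for anyone evaluating such a scheme. It assumes a hypothetical repeating-key XOR scrambler (the message names no cipher) and a constructed sample file; `scramble`, `recover_key` and the key value are illustrative names, not anything from the thread.

```python
"""Known-plaintext key recovery against a scrambled executable (added example)."""
from itertools import cycle
from typing import Optional

# Constructed sample: the 16-byte ELF identification block (32-bit,
# little-endian, OS ABI 9 = FreeBSD) followed by a made-up body. Every ELF
# file starts with these fields, so whoever obtains a scrambled copy already
# knows this much of the plaintext.
ELF_IDENT = bytes([0x7F, 0x45, 0x4C, 0x46, 1, 1, 1, 9]) + bytes(8)
SAMPLE_BINARY = ELF_IDENT + b"constructed program body, not a real executable"


def scramble(data: bytes, key: bytes) -> bytes:
    """Hypothetical scheme: repeating-key XOR, which is its own inverse."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


def recover_key(scrambled: bytes, known_prefix: bytes = ELF_IDENT) -> Optional[bytes]:
    """Return the key derived from the known header, or None if unconfirmed."""
    # XOR of ciphertext and known plaintext exposes the keystream directly.
    stream = bytes(c ^ p for c, p in zip(scrambled, known_prefix))
    # The key is the shortest period of that keystream. The period must repeat
    # at least once inside the known bytes, otherwise the guess is unconfirmed.
    for period in range(1, len(stream) // 2 + 1):
        if all(stream[i] == stream[i % period] for i in range(len(stream))):
            return stream[:period]
    return None


def demo() -> bytes:
    """Scramble the sample, recover the key from the header, undo the scramble."""
    scrambled = scramble(SAMPLE_BINARY, b"s3cr3tK!")  # constructed 8-byte key
    key = recover_key(scrambled)
    return scramble(scrambled, key) if key else b""


if __name__ == "__main__":
    print(demo() == SAMPLE_BINARY)
```

A `None` result only means the 16 identification bytes were not enough to confirm the key; the remaining ELF header fields are just as predictable.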