Date: Sat, 9 Feb 2002 01:20:02 -0800 (PST) From: "f.johan.beisser" <jan@caustic.org> To: Andrew Kenneth Milton <akm@theinternet.com.au> Cc: Darren Reed <avalon@coombs.anu.edu.au>, Brett Glass <brett@lariat.org>, <security@FreeBSD.ORG> Subject: Re: Is the technique described in this article do-able with Message-ID: <20020209010627.Q21734-100000@localhost> In-Reply-To: <20020209190334.I32999@zeus.theinternet.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 9 Feb 2002, Andrew Kenneth Milton wrote:
> +-------[ f.johan.beisser ]----------------------
> |
> | i wouldn't put it that far down, just yet. i don't see how much of an
> | advantage it would be over a fully operational box, on the other hand.
>
> Even if it were in a comatose state, you might have some problems with
> using natd since your userland is gone. You could only use kernel space
> tools.
you're assuming ipfw, vs ipfilter. ipfilter is entirely run in the kernel.
at a guess, you could create a small distrobution of FreeBSD (similar to
picobsd) that works with ipfilter. the last i saw, though, picobsd is
broken, and not usable.
> I don't see any real difference over a FreeBSD box in a halted state
> (assuming it worked that way), and a Packet Filter that was running on
> {MS|Free}DOS.
well, the major difference may be in the intelligence of the OS.
essentially there is none, though.
> It might be easier (and faster) to configure FreeBSD not to come all the
> way up, (or restrict what does) rather than not to go all the way down
> (we have a nice rc system d8)
actually, if you're going that route, it's easier to strip the kernel
down, lock everything nicely with a securelevel (read up in init(8) about
this), and remount all of the drives read only. there's nothing preventing
anyone from doing that. there's also nothing to prevent you from booting
from a drive, and loading all the tools you need in to a ramdisk, and just
using that..
of course, this is going a bit more hardcore than most people want or
would.
-------/ f. johan beisser /--------------------------------------+
http://caustic.org/~jan jan@caustic.org
"John Ashcroft is really just the reanimated corpse
of J. Edgar Hoover." -- Tim Triche
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020209010627.Q21734-100000>