Date: Mon, 3 Sep 2001 14:17:16 +0200 (CEST)
From: Krzysztof Zaraska
To: Hank Leininger
Cc: freebsd-security@FreeBSD.ORG
Subject: Re: Possible New Security Tool For FreeBSD, Need Your Help.
In-Reply-To: <200109021601.MAA30005@mailer.progressive-comp.com>

On Sun, 2 Sep 2001, Hank Leininger wrote:

> Then whack this data into IP
> and TCP options fields of some set of packets you throw at the box. The
> server would listen for the right sequence of packets,

And you're toasted in case of a packet loss, since IP is an unreliable
protocol. Not to mention that some paranoid router/firewall on the way may
drop the "weird" datagrams.

> But really, it hardly seems worth the bother. A whole lot of complexity
> (==places for your implementation to be buggy and open new security holes)
> and resource-consumption (==DoS opportunity) for little gain other than
> security through obscurity.

Exactly. IMHO this tool would not be much gain in normal administration but
would make a hard-to-detect backdoor.

> Now, if there were a CGI that was POSTed to with this signed/encrypted
> request...

But the script would reside by default in the same location, so throwing
together a kiddie scanner is trivial. Not to mention the possibility of
exploitation of the script. And also SSL'd connections should be used...
Too much configuration overhead, I think.