Date:      Fri, 21 Aug 1998 18:00:45 +0000
From:      Mike Smith <mike@smith.net.au>
To:        "B. Richardson" <rabtter@aye.net>
Cc:        hackers@FreeBSD.ORG
Subject:   Re: I want to break binary compatibility. 
Message-ID:  <199808211800.SAA11270@dingo.cdrom.com>
In-Reply-To: Your message of "Fri, 21 Aug 1998 19:12:40 -0400." <Pine.SGI.3.95.980821185606.1979A-100000@orion.aye.net> 

> 
> 
> I have a problem with some hackers that are obsessed with making my
> ISP's life miserable (they've already hacked our SGI). I've slapped
> together a FreeBSD box to throw their webpages on it, turned off all
> services except http.
> 
> The hackers have expressed intent to break into our machines at
> any opportunity (they seem to be infuriated that we intervened and
> were able to keep a couple of services up on our SGI).
> 
> The hackers relentlessly attacked our machine every time we tried to
> bring our SGI online for a 48 hour stretch, and I believe that they are
> going to try to break into our new machines with the same fervor.
> 
> What I want to do, if possible, is build a unique system such that binaries
> from other systems will not run on it and vice versa. Is this possible?

Sure.  You can change any number of reasonably subtle things (e.g.
syscall numbers) to achieve this.  However, if they are able to steal a
binary from your box and possess any real talent (as opposed to being a
malevolent bunch of script kiddies) they will be able to
reverse-engineer most of these changes fairly quickly.

The first thing you should be trying to establish is how they might be
getting *in*.  If all you have active is http, you should be analysing
any CGIs that you have very closely, as well as making sure that your
server is up to date.  You might also want to install a firewall if you
haven't already.  See e.g. www.gnatbox.com for a solid and
straightforward solution (also based on FreeBSD, just coincidentally).

You should also be spending some effort on actually determining who the 
perpetrators *are*, as their activities are extremely illegal, and you 
may be able to obtain legal satisfaction if you can identify them.

Good luck!

-- 
\\  Sometimes you're ahead,       \\  Mike Smith
\\  sometimes you're behind.      \\  mike@smith.net.au
\\  The race is long, and in the  \\  msmith@freebsd.org
\\  end it's only with yourself.  \\  msmith@cdrom.com


