|
|
BugTraq
Preventing exploitation with rebasing Feb 04 2003 05:08AM David Litchfield (david ngssoftware com) (7 replies) Re: Preventing exploitation with rebasing Feb 05 2003 01:41PM dullien gmx de (1 replies) Re: Preventing exploitation with rebasing Feb 04 2003 10:52PM David Litchfield (david ngssoftware com) (2 replies) Re: Preventing exploitation with rebasing Feb 04 2003 02:00PM sd hysteria sk (1 replies) Re: Preventing exploitation with rebasing Feb 04 2003 11:20PM David Litchfield (david ngssoftware com) Re: Preventing exploitation with rebasing Feb 04 2003 02:00PM Torbjörn Hovmark (torbjorn hovmark abtrusion com) Re: Preventing exploitation with rebasing Feb 04 2003 11:38AM Charlie Root (weedpower home ro) (4 replies) Re: Preventing exploitation with rebasing Feb 06 2003 01:00AM Deus, Attonbitus (Thor HammerofGod com) Re: Preventing exploitation with rebasing Feb 04 2003 06:38PM David Litchfield (david ngssoftware com) (1 replies) Re: [VulnDiscuss] Re: Preventing exploitation with rebasing Feb 05 2003 05:32PM Halvar Flake (halvar gmx net) Re: Preventing exploitation with rebasing Feb 04 2003 11:34AM Eugene Tsyrklevich (eugene securityarchitects com) Re: [VulnDiscuss] Preventing exploitation with rebasing Feb 03 2003 09:49PM Michal Zalewski (lcamtuf coredump cx) |
|
Privacy Statement |
> With all the respect... I think your ideea is a BAD one ! Why ? Well...
> It might be verry efective if one to... mhm... 100 persons would aply
> this technique. That's because hackers/worms wouldn't mind loosing a few
> servers if they got the rest of the world. But if this technique would
> became a standard then the worm-industry (if there is such a thing)
> would also evolve... making it brute-force the addreses. I admit that
> brute-forcing would slow down the worm/hacker/whatever... but this is no
> way of looking at the security. This is like protecting a house/store by
> putting 15 doors that all could be easily broken... Of course there is a
> chance that a thief trying to break in would get bored breaking door
> after door... but if he's really determined... Well... I guess I made my
> point.
I fail to see how adding security that doesn't have a performance
or stability cost is ever a bad thing.
No one is suggesting that the security community *rely* on this
technique for security. It is an additional layer - the classic
'denfense in depth' that we are constantly touting.
People keep saying "but it won't stop everything", and that's true.
But since when have we turned down a security procedure that is
not a silver bullet against all evils? I'd love to make it harder
for worms to attack my systems. I'd love for them to take longer
to break into the machines down the hall. That means things will
spread slower, and we can stop the damage quicker. Why is this bad?
> Rebasing might be usefull up to some point. But it contains a "mental"
> vulnerability. If one would apply this technique he would probably think
> he is safe and neglect updating his security.
David has not suggested that this is a solution. And any administrator
who has such a "mental" vulnerability probably has several other
non-rebasing related vulnerabilities on their servers anyway. They
probably think that a firewall stops all attacks, so wouldn't bother
rebasing in the first place. This is not a satisfying argument against
rebasing.
If rebasing causes a problem with performance, stability or the
ability to apply security-related patechs, that's a good argument
against it for that envoronment. It may even be application-specific,
and I have no knowledge of how well you can perform it on Windows
boxen. But I don't see any reason that you shouldn't if it can be
done right.
More layers of security are good... additional layers of security
are good... additional layers of security are good...
--
Brian Hatch Microbiology Lab:
Systems and Staph Only!
Security Engineer
www.hackinglinuxexposed.com
Every message PGP signed
[ reply ]