Bootable CD w/OS for firewall
miah
jjohnson at sunrise-linux.com
Wed Sep 15 10:22:00 EDT 2004
http://www.samag.com/documents/s=1824/sam0201d/0201d.htm
On Wed, Sep 15, 2004 at 11:15:39PM +0900, Derek Martin wrote:
> On Wed, Sep 15, 2004 at 09:12:57AM -0400, miah wrote:
> > advantage being if you get owned, you burn a new cd and reboot. Since
> > it's all a read-only filesystem that loads into memory, anything an
> > attacker does is temporary.
>
> It is possible to run a firewall in "shut down" state. That is, you
> run shutdown, so that no processes are running, no processes can be
> spawned, but the kernel continues to filter packets. Under such
> circumstances, it's virtually impossible to be owned, unless you can
> find a way to inject code into the running kernel to be executed. I
> forget where I first saw this, but I imagine a web search on something
> like "firewall shutdown linux" will turn up useful results.
>
> --
> Derek D. Martin http://www.pizzashack.org/ GPG Key ID: 0xDFBEAD02
> -=-=-=-=-
> This message is posted from an invalid address. Replying to it will result in
> undeliverable mail. Sorry for the inconvenience. Thank the spammers.
>