RE: Help with virus/hackers

Kenny Mann (Kennymann@cdrobot.com)
Thu, 17 Apr 2003 15:56:37 -0500


http://www.openitx.com/g/networkadmin-select.asp

That mail list would probably be more appropriate.
Openitx also has allot of mail list.. Perhaps one of them may be even
more appropriate.

--KM

-----Original Message-----
From: Kenny Mann
Sent: Thursday, April 17, 2003 1:13 PM
To: John Bradford; Alan Cox
Cc: root@chaos.analogic.com; joe briggs; linux-kernel@vger.kernel.org
Subject: RE: Help with virus/hackers

Perhaps this:
Using FTP to connect to another secured computer which has only that
service running. Write-only (no read, etc) is what is used to send to
it. This file will remain open until time X. Where X equals when that
file will close and another file will begin. Random names or perhaps
based on date/time. Everything Y amount of time, it will burn to a CD
that directory or perhaps only new files added. (all but the last file
which is currently
open)
When that directory (minues the open file) size hits a certain size, it
will either ask for another CD or auto-create another CD and move
previous logs there. (or perhaps when that directory hits a certain size
it moves the old logs there and then burns them instead of every Y time)

Any suggestions/flames?

>> Linux supports console on printer. Its not totally foolproof (there
is
>> a famous story of someone who simply reprinted the past two days of
>> logs edited so the admins wouldnt realise when they looked)
>!!! You can't be serious :-)
Hmm, true or not... Better safe than sorry. :-) If that person knows
about It they are bound it try and figure something out.

Perhaps if you see a massive directory size difference (increased size)
That might be something to set it off... (assuming you follow the idea
above)

--KM

-----Original Message-----
From: John Bradford [mailto:john@grabjohn.com]
Sent: Thursday, April 17, 2003 1:01 PM
To: Alan Cox
Cc: John Bradford; root@chaos.analogic.com; joe briggs;
'linux-kernel@vger.kernel.org'
Subject: Re: Help with virus/hackers

> > I've often wondered whether it would be worth connecting a very
> > large serial EEPROM to a serial port interface, and have it
> > effectively appear as a solid state printer, (to that you could
> > cheaply log to an unmodifyable device). Has anybody ever tried
> > this?
>
> Linux supports console on printer. Its not totally foolproof (there is

> a famous story of someone who simply reprinted the past two days of
> logs edited so the admins wouldnt realise when they looked)

!!! You can't be serious :-)

> but it works pretty well. Just use a dot-matrix printer save keeping
> HP, Lexmark or Xerox in business 8)

Aren't you concerned with all of the trees that will be cut down to make
that paper, though?

I think 1 tree = about 50 reams. Let's say you get through a ream a
day, that's a tree every couple of months!

Maybe there is a way to encode the data in the rings of the tree while
it's still growing, that would be the ultimate WORM device :-) :-) :-).

John.
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel"
in the body of a message to majordomo@vger.kernel.org More majordomo
info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel"
in the body of a message to majordomo@vger.kernel.org More majordomo
info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/