Re: Openbsd 3.2 wtmp delay and named backdoor

the wtmp delay appears to be caused by dns lookups. some testing at home
produced the same delay, looking at the traffic showed it was trying to
resolve an internal hostname.

i agree with eric that the named syslog mechanism could go with a healthy
dose of paranoia and use a non-root syslog user. note that syslogd can be
systraced quite nicely, as well.

jose nazario, ph.d. jose@monkey.org
http://www.monkey.org/~jose/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus ARIS analyzer service.
For more information on this free incident handling, management
and tracking system please see: http://aris.securityfocus.com
Received on Thu Jan 23 12:06:54 2003