Re: [vox-tech] Router acting funny

[Micah Cowan <micah@cowanbox.cMAPSom>]

On Wed, Jan 03, 2001 at 02:26:06AM -0800, Bill Broadley wrote:
> On Tue, Jan 02, 2001 at 10:29:58PM -0800, Foo Lim wrote:
> > That's when tripwire comes in handy.
> > 
> 
> Sorry, doesn't help, once hacked your screwed.  

Says who?  If tripwire (or AIDE, or whatever) can't detect hacked
files "once hacked," what is it good for?  That's it's sole purpose!
If anyone doesn't know what tripwire is, it's a program which keeps a
database of all the checksums on any files on your system which you
care about, which you save to some removable media (leaving it on your
system is patently stupid, since the hacker can then just re-run
tripwire on 'em, and make it think there weren't any changes).   You
can then use tripwire to find out if any of the files have been
altered.

There have been some clever folks who were able to include precisely
the right random junk to make the MD5 checksum the same, though...
Vast majority of crackers can't do this.  I've only heard of a couple
who could.

The very best thing you can do is to keep *statically* linked binaries
on read-only media (locked disk in a safe place is okay - write-once
media like CD-R is excellent!) and run them from there if you're in
doubt.

Micah