79 lines
3.0 KiB
Plaintext
79 lines
3.0 KiB
Plaintext
From secprog-return-510-jm=jmason.org@securityfocus.com Mon Sep 23 18:31:18 2002
|
|
Return-Path: <secprog-return-510-yyyy=example.com@securityfocus.com>
|
|
Delivered-To: yyyy@localhost.example.com
|
|
Received: from localhost (jalapeno [127.0.0.1])
|
|
by jmason.org (Postfix) with ESMTP id 747B916F03
|
|
for <jm@localhost>; Mon, 23 Sep 2002 18:31:17 +0100 (IST)
|
|
Received: from jalapeno [127.0.0.1]
|
|
by localhost with IMAP (fetchmail-5.9.0)
|
|
for jm@localhost (single-drop); Mon, 23 Sep 2002 18:31:17 +0100 (IST)
|
|
Received: from outgoing.securityfocus.com (outgoing2.securityfocus.com
|
|
[205.206.231.26]) by dogma.slashnull.org (8.11.6/8.11.6) with ESMTP id
|
|
g8NFICC22953 for <jm@jmason.org>; Mon, 23 Sep 2002 16:18:12 +0100
|
|
Received: from lists.securityfocus.com (lists.securityfocus.com
|
|
[205.206.231.19]) by outgoing.securityfocus.com (Postfix) with QMQP id
|
|
AAB618F4BC; Mon, 23 Sep 2002 08:21:13 -0600 (MDT)
|
|
Mailing-List: contact secprog-help@securityfocus.com; run by ezmlm
|
|
Precedence: bulk
|
|
List-Id: <secprog.list-id.securityfocus.com>
|
|
List-Post: <mailto:secprog@securityfocus.com>
|
|
List-Help: <mailto:secprog-help@securityfocus.com>
|
|
List-Unsubscribe: <mailto:secprog-unsubscribe@securityfocus.com>
|
|
List-Subscribe: <mailto:secprog-subscribe@securityfocus.com>
|
|
Delivered-To: mailing list secprog@securityfocus.com
|
|
Delivered-To: moderator for secprog@securityfocus.com
|
|
Received: (qmail 13967 invoked from network); 23 Sep 2002 08:06:03 -0000
|
|
Date: Fri, 20 Sep 2002 23:00:42 +0000
|
|
From: redhat <redhat@xlnt-software.com>
|
|
To: SECPROG Securityfocus <SECPROG@securityfocus.com>
|
|
Subject: Re: use of base image / delta image for automated recovery from
|
|
attacks
|
|
Message-Id: <20020920230041.A1139@xlnt-software.com>
|
|
Mail-Followup-To: SECPROG Securityfocus <SECPROG@securityfocus.com>
|
|
References: <NAEOJLMPJMJDFPLHIOJOAEFJDBAA.bmord@icon-nicholson.com>
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=us-ascii
|
|
Content-Disposition: inline
|
|
In-Reply-To: <NAEOJLMPJMJDFPLHIOJOAEFJDBAA.bmord@icon-nicholson.com>
|
|
User-Agent: Mutt/1.3.21i
|
|
X-Loop: redhat@rphh.org
|
|
X-Meow: Your pets will be disembowled if you do not keep up payments.
|
|
X-Spam-Status: No, hits=-3.8 required=5.0
|
|
tests=IN_REP_TO,KNOWN_MAILING_LIST,REFERENCES,USER_AGENT,
|
|
USER_AGENT_MUTT,X_LOOP
|
|
version=2.50-cvs
|
|
X-Spam-Level:
|
|
|
|
reply to the mail from Ben Mord (bmord@icon-nicholson.com):
|
|
|
|
> Hi,
|
|
|
|
Hello,
|
|
|
|
< ... snipped for brevity ... >
|
|
|
|
> ... This concept could also be
|
|
> applied to the application servers, and even the database server partitions
|
|
> (except for those partitions which contain the table data files, of course.)
|
|
|
|
Although the data might just be the information that needs protecting.
|
|
|
|
> Does anyone do this already? Or is this a new concept?
|
|
|
|
I've seen this implemented for a shell server, although they chose
|
|
to have their root on a CD-WR in a CD-R drive. Which meant that even
|
|
when compromised it was only possible to examine other users data.
|
|
AFAIR(emember) they just swapped CD's when a root exploit was found.
|
|
|
|
> Thanks for any opinions,
|
|
|
|
NP
|
|
|
|
blaze your trail
|
|
--
|
|
redhat
|
|
|
|
'I am become Shiva, destroyer of worlds'
|
|
|
|
|