[Nottingham] Paranoid already

Robert Davies nottingham at mailman.lug.org.uk
Sun Aug 17 15:49:01 2003


On Sunday 17 Aug 2003 15:41, David Bean wrote:
> > Or you could keep a renamed tar'ed duplicate of the netstat binary :P
> > Would that work on a box that's had a rootkit installed?
>
> Or how about a copy of a minimal system, statically built, written to
> CDR and left in the drive. I'm not sure if anyone makes these disks, but

There was actually a Debian based CD-ROM firewall project, I think it was 
called Gibralter, not sure how it developed, but quite a few years back they 
did have a runnable system.

The basic idea is to 'untar' stuff that needs to change into tmpfs or ram disk 
filesystem.

Rob