Letters

by Various
Possible Attack on “Stealth” Log Host?

Thanks for “Stealthful Sniffing, Intrusion Detection and Logging” [LJ, October 2002, also available at www.linuxjournal.com/article/6222]. That is a clever use of Snort, particularly as a means to send logs to a remote host. Just a couple of comments as I read through the article. In the Sidebar titled “LAN Segments, Hubs and Switches” on page 38, it is not impossible to send logs to the Snort logging host from a distant segment. Just ensure the Snort host is attached to a valid IP subnet, and give the subnet's router a static ARP entry that associates the Snort host's MAC address to an unused IP address that is valid for the Snort host's subnet. With the method of logging outlined in the article, it may still be possible to compromise the integrity of the Snort logging host. An attacker may be able to send their own log messages, which may be used either to overflow the logging disk or to attack a potential vulnerability in Snort's capture/parsing logic (if there ever was one).

—John Kristoff

Mick Bauer replies: Even a stealth logger is vulnerable to denial-of-service (DoS) attacks and sniffer-specific application exploits. But in practical terms, neither of these strikes me as a huge risk. I think it would be pointless for an attacker to aim specifically to take out a stealth logger via a DoS attack; that amount of traffic probably would also take out the system you're actually trying to attack without being logged. On the other hand, we should keep in mind that the “stealth sniffing” technique is intended to mitigate the specific threat of attacks against the logger's local TCP/IP stack and applications. I do think it's useful for that and effectively raises the bar considerably against would-be log-tamperers. However, these are good observations.

More C++ Coverage, Please

I really enjoyed the article “Memory Leak Detection in Embedded Systems” that appeared in the September 2002 issue of Linux Journal. Lately I have been doing a lot of C++ development with the DB2 UDB Administrative API, and detecting memory leaks in both my code and IBM's is useful for debugging purposes. Please feature more articles that address these types of C++ development topics in 2003. An overview of compiler and compiler tools (g++, Intel compilers, etc.) tools would be one article in particular I would like to see run.

—Kevin Wittmer, Senior Software Developer, Expand Beyond, Chicago, Illinois

Watch for an article on the Intel C and C++ compiler next issue.

—Editor

Red Hat 8.0: Love the License, Hate the Look

I recently purchased the new Red Hat 8.0. I have been following Red Hat since 5.1 and have purchased 6.0, 6.1, 7.2 and downloaded 7.3. I find the new desktop, Bluecurve, to be a true bastardization of both Gnome and KDE. Red Hat has removed all of the character from Gnome and KDE and smudged the windowing into their own proprietary look and feel. Konqueror is not the default browser in the KDE menu, and CUPS is not installed by default. If I want to go into KDE, I want KDE. If I want Gnome, give me Gnome, not some smudging of the two. On the other hand, the beauty of open source is that you can do what you want with it as long as you publish the source code, and that is what Red Hat has done. Good for them. But, Bluecurve should be called BLUE-SMUDGE.

—Tom Amon, IT Tech

More on Getting Started?

I love the magazine and enjoy it and sharing GNU/Linux with everyone I know. When I got started with GNU/Linux I looked to books and mags to help me, and what really helped me were any tidbits of information that I could get. Marcel's sections are a blast to read, and maybe something like that more directed to newbies would help other new people in their exploration of GNU/Linux.

—Matthew

If you enjoy sharing your knowledge, please visit our web site (www.linuxjournal.com) for an author's guide, and send us an article proposal.

—Editor

Keyboard Changes?!?!

The key for the EXCLAMATION MARK (!) should be shifted to the key left of the number one (1). This will facilitate typing of the EXCLAMATION MARK (!) without using the Shift key. This is necessary because EXCLAMATION MARK (!) is used very often while typing any text. The key for the QUESTION MARK (?) should be brought down below on the same key on which it is available presently, so that Shift key need not be pressed. The OBLIQUE symbol (/) is very rarely required. Lastly, the INDICATOR LIGHT ON for the CAPS LOCK key, pressed for typing ALL CAPS, is not enough to highlight the same. The INDICATOR LIGHT should not be constant. Instead, it should go on blinking, preferably with a “BEEP BEEP” sound so as to attract the attention of the USER, so that he undoes it after his need to type ALL CAPS is over. I hope, the above-mentioned suggestions are worthy of due consideration and if possible, implementation.

—DR. C.H. AWALGAONKAR

See man xmodmap for how to remap any key to any character.

—Editor

Picking a Linux SAN?

I'm a regular reader of your magazine here in the UK. I would really like to see a good, well-researched story on IP SANs, iSCSI and Linux. I've been noticing lots of activities in this area, and it looks like Linux is playing a big role in this. I got involved in the subject because I'm on a committee that should (supposedly) decide on network storage strategies at our place (News International, big corporation). There are a couple of small companies already offering iSCSI targets, and all of them appear to be Linux-based. See for instance www.pyxtechnologies.com (this is Andre Hedrick) or technomagesinc.com. The subject is pretty hairy. If you want more information or links, let me know.

—Antonio Cordova, Pre-Press Consultant, News International

What Are BogoMips?

I saw, in the September 2002 issue of LJ [“What Has 1.1 Terabytes, 9,503 BogoMips and Flies?”], a project system that listed the CPU performance in BogoMips. What is a BogoMip, and how is it measured?

—Frank Jansen

BogoMips are a measurement of how fast the kernel runs a simple delay loop. See the BogoMips Mini-HOWTO at www.tldp.org/HOWTO/mini/BogoMips.html.

—Editor

Font Question

What font are you now using in the headlines on the cover of your magazine? I know this is a strange question, but I rather like that font, and being a graphic designer, I would like to use it.

—Tiago Oliveira

Lydia Kinata replies: We use the DaxWide font family on the cover and for article titles and headers within the magazine. DaxWide comes in several weights, from very light to “Extra Black”. It's a very useful font.

Best Practices for Web Security

I read your article on secure PHP applications in Linux Journal, October 2002, and I thought it was quite useful. An additional source of information on the subject is the “The OWASP Guide to Building Secure Web Applications and Web Services” (www.owasp.org/guide). A lot of “good practices” are combined in a single document.

—Peter Fokker

An Ad Is an Ad

I know some people think the “battle” between Linux and Microsoft is a religious quest, but the letter from Renato Carrara is just plain silly. [See the “Don't Run Microsoft Ads” letter in LJ, November 2002]. A magazine is a business proposition, and ads pay for the magazine. As long as they don't flagrantly violate good taste, magazines should run whatever ads are proffered. Microsoft is probably astute enough to understand it would not find a receptive market here.

—Gary W. Nickerson, Director, Information Technology, Rockefeller Brothers Fund

Erratum

In the November 2002 issue, “2002 Readers' Choice Awards” (page 72), the number of voters given in the first paragraph is incorrect. It should read “Almost 6,000 voters...”.

Load Disqus comments

Firstwave Cloud