On Mon, Mar 08, 2010 at 07:34:14AM -0700, Warren Young wrote:
On 3/6/2010 4:04 PM, nate wrote:
if you can upload source code, you can upload a precompiled binary
True, but most attacks are automated, and try to attack as wide a range of machines as possible.
If I were to write a bit of malware for *ix that needed a custom binary on the target machine, I'd at least consider distributing it as C code, banking on the fact that most *ix systems have a C compiler installed by default these days.
It is no longer just the C compiler. Perl, Python, Ruby, PHP, even bash all have rich libs and can do more, quicker, than most can accomplish with a C program, and with more portability too.
It makes sense to have a good firewall that limits all in and out paths as well as a proxy server for outgoing connections and other footprint tools.
Logs and management should involve another box such that the system admin folk have a safe and different place to do their job from.
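The egress and logging layout recommended in the last message, sketched as an added example (not part of the original thread): a shell function that emits an `iptables-restore` ruleset with default-deny in both directions, outbound traffic allowed only to a proxy and a separate log host, and SSH accepted only from a separate admin box. All addresses and ports are constructed placeholders, and the choice of TCP 3128 for the proxy and UDP 514 for syslog is an assumption.

```shell
#!/bin/sh
# Added example, not from the thread. Emits a ruleset for iptables-restore.
# Arguments (all constructed placeholders in the sample call below):
#   $1 proxy IP   $2 proxy TCP port   $3 log host IP   $4 admin box IP
egress_rules() {
    [ $# -eq 4 ] || { echo "usage: egress_rules PROXY_IP PROXY_PORT LOG_IP ADMIN_IP" >&2; return 2; }
    proxy_ip=$1 proxy_port=$2 log_ip=$3 admin_ip=$4
    cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A OUTPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp -s ${admin_ip} --dport 22 -m state --state NEW -j ACCEPT
-A OUTPUT -p tcp -d ${proxy_ip} --dport ${proxy_port} -m state --state NEW -j ACCEPT
-A OUTPUT -p udp -d ${log_ip} --dport 514 -j ACCEPT
-A OUTPUT -m limit --limit 6/min -j LOG --log-prefix "EGRESS-DENY: "
COMMIT
EOF
}

# Rule-by-rule intent:
#  - Policy DROP on OUTPUT: anything a dropped script or binary tries to
#    reach directly (DNS included; the proxy resolves names) is refused.
#  - The only new outbound flows are to the proxy and to the log host, so
#    outbound requests pass a chokepoint and logs leave the box as written.
#  - The LOG rule records denied egress attempts, rate limited, before the
#    chain policy drops them.
#  - SSH is accepted only from the admin box, matching the advice to manage
#    the system from a different machine.

# Sample call with RFC 5737 documentation addresses (constructed values).
# Review the output, then check it with: iptables-restore --test < file
egress_rules 192.0.2.10 3128 192.0.2.20 192.0.2.30
```
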