tripwire bypass

Posted on 2005-04-08
Last Modified: 2010-04-11
What would a hacker have to do to bypass tripwire?
To what effect do the recent vulnerabilities of MD5 have on the security of tripwire?
This is from an educational point of view of course.
Question by:badMotoFinga
    LVL 51

    Assisted Solution

    replace a file with his/her own one which has the same md5 checksum
    recently found md5 weakness makes finding equal hashes simpler
    LVL 14

    Assisted Solution

    Simpler, but still not simple. Plus Tripwire does both MD5 and SHA-1 by default, which makes the problem damn near impossible.

    An easier way to attack the problem is to subvert the Tripwire database (if stored locally).
    LVL 51

    Assisted Solution

    .. or replace modules in the running kernel
    .. or use own modules in kernel
    .. or use a program in memory
    Well, none is really a vulnerability of TripWire, but it bypasses TripWire, at least as long as there is no reboot
    LVL 5

    Accepted Solution

    The attacker would need access to the box while it is in a vulnerable state, prior to it being secured. So servers should be built in a clean environment before being given public access.

    Once secure it is hard; however, if a management server is used, the attacker would most likely target that instead, so similar measures are needed on the management/log collector. The reason is that if the first box is breached, the changes are recorded and logs sent to management; therefore if management is not secure, you cannot trust that those logs have not been interfered with.

    Most people forget the management/log collectors.

    If implemented correctly, it is very difficult, especially if logs are sent to another device and those logs are secured.
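An added example, not from the thread or from Tripwire itself, that ties the LVL 14 answer (dual MD5 and SHA-1 digests, subverting a locally stored database) to the accepted solution (keep the trust anchor off the monitored box): each file gets both digests, and the baseline is sealed with an HMAC under a key assumed to be held on the management/log collector, so a database rewritten on the host fails verification instead of being trusted. The function names and the key value are hypothetical.

```python
import hashlib, hmac, json, os, tempfile

def file_digests(path):
    """MD5 and SHA-1 of a file, mirroring Tripwire's default pair of hashes."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            md5.update(chunk)
            sha1.update(chunk)
    return {"md5": md5.hexdigest(), "sha1": sha1.hexdigest()}

def build_baseline(paths, key):
    """Snapshot the files and seal the snapshot with an HMAC under `key`, a
    hypothetical secret that lives off the monitored host (e.g. the log collector)."""
    entries = {p: file_digests(p) for p in paths}
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "mac": hmac.new(key, body, "sha256").hexdigest()}

def check(baseline, key):
    """Return (db_tampered, changed_files); an unsealed database is rejected outright."""
    body = json.dumps(baseline["entries"], sort_keys=True).encode()
    expected = hmac.new(key, body, "sha256").hexdigest()
    if not hmac.compare_digest(expected, baseline["mac"]):
        return True, []
    changed = []
    for path, stored in baseline["entries"].items():
        try:
            now = file_digests(path)
        except FileNotFoundError:
            changed.append(path)
            continue
        # Both digests must match; a collision in one algorithm alone is not enough.
        if now != stored:
            changed.append(path)
    return False, changed

def demo():
    """Constructed scenario: clean check, a modified file, then a database
    rewritten to match the modified file but without the right MAC."""
    key = b"constructed-demo-key"
    target = os.path.join(tempfile.mkdtemp(), "passwd")
    with open(target, "wb") as f:
        f.write(b"root:x:0:0\n")
    baseline = build_baseline([target], key)
    clean = check(baseline, key)
    with open(target, "ab") as f:
        f.write(b"extra:x:0:0\n")
    modified = check(baseline, key)
    forged = {"entries": {target: file_digests(target)}, "mac": baseline["mac"]}
    return clean == (False, []), modified == (False, [target]), check(forged, key)[0]
```

`demo()` returns three booleans: the clean run reports nothing, the modified file is flagged, and the rewritten database is rejected by the MAC check before its contents are consulted.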
