hi ya patrick
yup...probably 80-90% of secruity breaches of various sources are
internal...
- samba is not bullet proof... had a major bug/exploit in it about
2 months ago...
- yup .. not as many exploits lately... for sendmail/exim...
- its been well tested/reviewed ???
have fun
alvin
http://www.Linux-Sec.net...
--
-- http://www.Linux10.org ... linux' 10th Anniversary Picnic/BBQ
--
On Fri, 3 Aug 2001, Patrick Kirk wrote:
> Sorry if I appear complacent below but remember I'm running Woody with
> dynamic IP addressing. A cracker would need to be very fast and up to date.
> Or to have been watching Swordfish in which case he's have to find someone
> to hold a gun to his head and provide a blonde to give him a blowjob.
>
> Actually, there's probably quite a few people who would take up cracking
> just for the blowjob!
>
> | nope... the box is NOT secrure...never is...
> |
> | just depends on who the attacker is...if they wanna get in..they willl
>
> They won't. I've never had an intrusion on a public facing box. Even the
> old ipfwadm rules on Slink make it impossible to get in. It's important to
> remember that a server that's hacked twice gets taken offline and formatted.
> If it happens to a few boxes, the OS goes out of fashion. Linux is actually
> very hard to attack from outside the firewall. Most serious hits come from
> employees.
>
> | there is no point nowdays to be running discard, daytime, time
>
> Damned if I know why they are there. Sometimes Linux seems swamped in
> cruft. But when I cut it away, sometimes things break :-(
> |
> | no reason to run netbios-ssn unless its a samba server that
> | requires/allows winXX users to write data to this machine
>
> It is. My kids use it to store games. And I know security conscious folk
> hate this. But samba is bullet-proof. I've never heard on an exploit that
> can get past eth0 if samba is restricted to eth1, or ppp0 if samba is
> restricted to eth0. These bindings do work.
> |
> | ssh is being attacked/exploited on a regular basis
>
> Is OpenSSH capable of being taken down from outside the firewall? ssh is
> the main reason I like Linux. In my last house, I had ADSL and no Linux
> drivers. I worked in the top floor with the server in the garage. I got
> heartily sick of having to traipse down the stairs to open and close the
> connection every time the DSL network went funny. I yearned for ssh. Sad
> or what? Luckily now I have Linux I can return to normality and yearn for
> Cameron Diaz.
>
> | smtp is notorious for exploits...
>
> Um. No it isn't. Its notorious for being left open. Even old sendmail
> hasn't had a seriuos exploit in years, let alone exim. Actually, has exim
> ever been used to take down a server from outside the firewall?
>
> | http is being attacked/exploited regularly...
>
> Last apache exploit with root access was over 3 years ago. Perhaps it can
> be be used as a trojan but I'm not perpared to worry about that.
>
> | printer is attacked regularly...
>
> Oh. Is there a way to bind printer to an interface?
>
> |
> | so far...all the ports you have open are those that exploits already
> | exists.....
> | - run the exploits and see if it gave a reg user root access
>
> That's a bit time consuming. I could pull Cameron Diaz in the lenght of
> time that would take...and it should be less frustrating!
>
> What's the general opinion on Port Sentry? It stops nmap on the remote host
> I was using but I hadn't bothered to use stealth.
>
>
> --
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
>
>
