
RE: [cobalt-security] URGENT Hacking

-----Original Message-----

[Snipped]

It would be nice if Cobalt hadn't removed ipchains from their
distribution, as this would aid greatly in blocking things like this.
--------------------------------------------------------------------

You can install ipchains very easily.  I have on my machines.  You can also
download and install the 2.2.14c11 kernel from Cobalt and compile it with
whatever options you want or need (you should remove some of the default
crap and other options).  In my company, our telecommuters use a hardened
Raq 3 as a firewall and a masquerading box for internal private networks.
There were some issues with cram routing that were blocked with a good set
of ipchains rules and tcp wrappers.

On another note... all of your objections to my original post were correct.
It is hard not to write a dissertation on security.  When you get into the
special case of writing trojans and using buffer overflow exploits, the
whole idea of protecting access on a service level goes out the window.  Any
general rule you write will have exceptions.

My original post addressed brute force attacks only on a port.  There are
many other exploits that can be used that bypass any and all port
protection, but those are exploits as opposed to brute force attacks - two
different animals.

There are things like finger, permissions on dot files, etc., etc., that
need to be addressed on any Linux box.  In general, if a machine doesn't
need a service, I shut it off and remove it.  This prevents some unused
service from becoming an exploit.

I disagree with the statement that Linux security is crap because you make
it sound like Linux is especially easy to hack.  I believe all operating
systems have crappy security out of the box.  I have yet to work with a
platform or an OS that was simply turn on the box and sleep easy.  My NT box
before I put it behind my firewall had been hacked multiple times in spite
of implementing every patch and trick I could find.  Without a proxy or a
firewall, NT is very vulnerable.  At least Linux can be hardened without an
intervening box.

Security is constant vigilance and constant tinkering.  I know I have voided
my warranty with my mods to my Cobalt boxes, but I couldn't live with some
of the stuff I found.

Later,
Chris
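The setup Chris describes above, a hardened 2.2-kernel box acting as masquerading firewall for a private network with a default-deny ipchains ruleset, tcp wrappers behind it, and unneeded inetd services shut off, as an added example that is not part of the original mail and not anything Cobalt shipped. The interface name, address ranges, admin network and the sample inetd.conf are assumptions for illustration; adjust them before use.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed values below:
EXT_IF="${EXT_IF:-eth0}"                       # public interface (assumed)
INT_NET="${INT_NET:-192.168.1.0/24}"           # private LAN behind the box (assumed)
ADMIN_NET="${ADMIN_NET:-10.0.0.0/8}"           # where admins ssh in from (assumed)
ADMIN_NET_WRAP="${ADMIN_NET_WRAP:-10.0.0.0/255.0.0.0}"  # same net, tcpd mask form

# Print an ipchains ruleset; nothing is executed here (pipe to sh to apply).
ipchains_rules() {
    cat <<EOF
# Default deny for anything entering or crossing the box, flush old rules.
ipchains -P input DENY
ipchains -P forward DENY
ipchains -P output ACCEPT
ipchains -F
# Loopback is always fine.
ipchains -A input -i lo -j ACCEPT
# Anti-spoofing: LAN or loopback source addresses never arrive on the public side.
ipchains -A input -i $EXT_IF -s $INT_NET -j DENY -l
ipchains -A input -i $EXT_IF -s 127.0.0.0/8 -j DENY -l
# LAN side: accept, and masquerade it on the way out (-i on forward = outgoing if).
ipchains -A input -i ! $EXT_IF -s $INT_NET -j ACCEPT
ipchains -A forward -i $EXT_IF -s $INT_NET -j MASQ
# Public side: only replies to connections we opened (TCP without SYN, DNS answers).
ipchains -A input -i $EXT_IF -p tcp ! -y -j ACCEPT
ipchains -A input -i $EXT_IF -p udp -s 0.0.0.0/0 53 -j ACCEPT
# Admin access: ssh from the admin network only, logged.
ipchains -A input -i $EXT_IF -p tcp -s $ADMIN_NET -d 0.0.0.0/0 22 -y -j ACCEPT -l
# Everything else inbound on the public side is logged and dropped.
ipchains -A input -i $EXT_IF -j DENY -l
EOF
}

# tcp wrappers as the second layer: deny all, then allow the little we need.
tcpd_files() {
    printf '%s\n' '# /etc/hosts.deny' 'ALL: ALL'
    printf '%s\n' '# /etc/hosts.allow' "sshd: $ADMIN_NET_WRAP" "ALL: 127.0.0.1"
}

# Comment out every inetd service except those named in $1 (space separated).
# Reads inetd.conf text on stdin and writes the edited file on stdout.
disable_inetd_services() {
    awk -v keep="$1" '
        BEGIN { n = split(keep, k, " "); for (i = 1; i <= n; i++) ok[k[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }   # comments and blanks untouched
        ($1 in ok)               { print; next }   # service we still need
        { print "#" $0 }                           # everything else: off
    '
}

# Constructed sample inetd.conf (not from any real box) for the usage below.
SAMPLE_INETD='ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
pop-3   stream  tcp  nowait  root    /usr/sbin/tcpd  ipop3d'

# Run with --show to review everything before applying any of it.
if [ "${1:-}" = "--show" ]; then
    ipchains_rules
    tcpd_files
    printf '%s\n' "$SAMPLE_INETD" | disable_inetd_services "pop-3"
fi
```

Review the output of `sh firewall.sh --show` first; only the `ipchains_rules` lines touch the kernel, and only when you pipe them into `sh`. The disabled inetd entries still need `kill -HUP` on inetd, and a service that is off should also be removed from the box, as the post says, so it cannot be turned back on by accident.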