Re: [cobalt-security] RE: 'On my Soap Box'
- Subject: Re: [cobalt-security] RE: 'On my Soap Box'
- From: "Mark Anderson" <cronus@xxxxxx>
- Date: Tue, 6 Mar 2001 21:35:13 -0000
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
> I'm sorry, but I have to object here (I'm slightly biased coming from a
> security background I suppose)... Sure, you can install Redhat, kill off
> services you don't need, install tripwire and run ipchains, but this does
> not make you secure.
Of course not - I never suggested it was that simple.
> What happens when the next 17 year old kid with a copy of gcc and redhat
> writes the next major exploit and gives it to all his IRC friends (which
> doesn't get posted to bugtraq for a few weeks)? You get rooted. Kids
> install Linux Kernel Modules, you don't even know you've been rooted,
> tripwire etc. is useless.
How many 17 year old kids write remote exploits? I humbly suggest that
exploits are found and written by experienced programmers and admins
of many years.
> That sort of thing doesn't happen often? Yes, it does. A major hole in
> wuftpd was known amongst many hax0rs for 6 months+ before it became public
> knowledge (somebody posted the exploit to bugtraq) about a year ago.
> Wuftpd is installed and enabled by default in Redhat and on earlier RaQs.
I had that exploit before it was made public, but I was one of many hundreds
who had it at the time. Perhaps that's not public, but it was just as good.
And any admin worth his salt would clean wuftpd off any fresh install and
replace it with an ftpd that didn't have such a checkered past in relation to
security.
> Also, most exploits posted to bugtraq et al. aren't broken. Most of them
> take the ability of a 14 year old to run from a 56k modem, and very little
> skill. Just look at all the recent Cobalt bind breakins.
You mentioned the bind exploit, which I'd forgotten, but it proves my point.
Hundreds of 14 year old kids ran the first tsig exploit, which actually
launched a DoS attack on networkassociations (?) by masking its intentions in
the shell code. Again I point out that a script kiddie can download a sploit
but it's unlikely to actually work.
But I'm going to drop the topic at any rate...