[ale] Cracked many Linux systems

Dow Hurst dhurst at kennesaw.edu
Wed Apr 18 14:52:08 EDT 2001


My two cents:
We hired Bob to put together a VPN based on SSH and PPP tunneling.  Very
successful.  We also have firewalls for each subnet connected by the
VPN.  The firewalls are old PCs running a trimmed down Slackware.  The
only services are SSH and the kernel TCP/IP combined with ipchains.  You
don't have to worry much about patches with such minimal software and
services.  Bob just has to watch the kernel and SSH vulnerabilities.  We
run NFS and other services within the VPN with no problem.  Works
great!  Check out his book and complementary website.
Dow


Bob's ALE Mail wrote:
> 
> In the past few weeks I have seen MANY Linux systems that got cracked
> (hacked).  The rate of systems broken into seems to have GREATLY increased
> in the past month.
> 
> The suspected paths have been via named (DNS), lpd, or portmap & nfsd and
> all have been Red Hat 6.2.  Sadly, these were clients who thought the risk
> of a break-in to be small enough to not be worth spending the money or time
> to harden their systems.  Hardening would have taken 1/2 to 2 days.
> Recovering from break-ins (even if no data was stolen or altered) is much
> more.
> 
> Please, please don't use NFS or portmap (and friends), install the latest
> security patch for named and run it under its own user and group and
> chroot'ed, use ipchains to block Internet access to the named, lpd, portmap,
> nfsd ports and most other ports, and do not run any kernel older than 2.2.16.
> 
> One knowledgeable security expert estimated that the average life of an
> unhardened Red Hat 6.2 system on the Internet (before being cracked)
> is two weeks.
> 
> Bob Toxen, CTO
> Fly-By-Day Consulting, Inc.           "Experts in Linux & UNIX security"
> bob at cavu.com
> http://www.cavu.com                   [Linux & UNIX Consulting]
> http://www.realworldlinuxsecurity.com [My book: Real World Linux Security]
> http://www.cavu.com/sunset.html       [Sunset Computer]
> Quality Linux & UNIX security and software consulting since 1990.
> 
> GPG Public key available at http://www.cavu.com/pubkey.txt (book at cavu.com)
>   and at http://pgp5.ai.mit.edu/pks-commands.html#extract
> pub  1024D/E3A1C540 2000-06-21 Bob Toxen <book at cavu.com>
>      Key fingerprint = 30BA AA0A 31DD B68B 47C9  601E 96D3 533D E3A1 C540
> sub  2048g/03FFCCB9 2000-06-21
> --
> To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

-- 
__________________________________________________________
Dow Hurst                   Office: 770-499-3428
Systems Support Specialist  Fax:    770-423-6744
1000 Chastain Rd.
Chemistry Department SC428  Email:dhurst at kennesaw.edu
Kennesaw State University         Dow.Hurst at mindspring.com
Kennesaw, GA 30144
*********************************
*Computational Chemistry is fun!*
*********************************
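Added example, not part of Bob Toxen's message or Dow Hurst's reply: a POSIX shell helper that covers the two concrete items in the quoted message, the 2.2.16 kernel floor and ipchains rules that deny (and log) inbound Internet traffic to the named, lpd, portmap and nfsd ports. The interface name eth0, the `--apply` flag and the function names are assumptions made here; the port numbers are the standard ones (53 for named, 515 for lpd, 111 for portmap, 2049 for nfsd). Without `--apply` the script only prints the rules it would load.

```shell
#!/bin/sh
# Added example (not from the ALE thread): check the kernel floor from the
# message and emit ipchains rules that close the listed service ports to
# the Internet-facing interface. EXT_IF and --apply are assumptions.

EXT_IF="${EXT_IF:-eth0}"   # assumed name of the Internet-facing interface
MIN_KERNEL="2.2.16"        # minimum kernel version named in the message

# kernel_at_least MIN ACTUAL -> exit 0 when ACTUAL >= MIN.
# Compares dotted fields numerically ("2.2.16" > "2.2.9") and tolerates a
# distribution suffix on a field ("2.2.19-7" is read as 2.2.19).
kernel_at_least() {
    min="$1"; have="$2"
    i=1
    while :; do
        # A trailing dot guarantees cut always sees a delimiter, so a
        # missing field comes back empty instead of the whole string.
        m=$(printf '%s.\n' "$min" | cut -d. -f "$i")
        h=$(printf '%s.\n' "$have" | cut -d. -f "$i" | sed 's/[^0-9].*//')
        [ -z "$m" ] && [ -z "$h" ] && return 0
        m=${m:-0}; h=${h:-0}
        [ "$h" -gt "$m" ] && return 0
        [ "$h" -lt "$m" ] && return 1
        i=$((i + 1))
    done
}

# emit_block_rules: print one ipchains command per line. Each rule is
# appended to the input chain for packets arriving on EXT_IF, matches the
# service port as destination, drops the packet (DENY) and logs it (-l).
# Services and ports: named 53 tcp+udp, lpd 515 tcp, portmap 111 tcp+udp,
# nfsd 2049 tcp+udp.
emit_block_rules() {
    for svc in 53:tcp 53:udp 515:tcp 111:tcp 111:udp 2049:tcp 2049:udp; do
        port=${svc%%:*}
        proto=${svc#*:}
        printf 'ipchains -A input -i %s -p %s -s 0.0.0.0/0 -d 0.0.0.0/0 %s -j DENY -l\n' \
            "$EXT_IF" "$proto" "$port"
    done
}

case "${1:-}" in
    --apply)
        # Loading the rules only makes sense on a 2.2 kernel with ipchains.
        if ! kernel_at_least "$MIN_KERNEL" "$(uname -r)"; then
            echo "kernel $(uname -r) is older than $MIN_KERNEL; upgrade first" >&2
            exit 1
        fi
        emit_block_rules | sh -x
        ;;
    *)
        # Dry run: report the kernel check and show the rules without loading them.
        if kernel_at_least "$MIN_KERNEL" "$(uname -r)"; then
            echo "# kernel $(uname -r): at or above $MIN_KERNEL"
        else
            echo "# kernel $(uname -r): OLDER than $MIN_KERNEL"
        fi
        emit_block_rules
        ;;
esac
```

Because `-A` appends, any ACCEPT rule a host genuinely needs (for example a named that must answer queries from the Internet on port 53) has to be inserted ahead of these DENY rules, and an `ipchains -P input DENY` default policy plus explicit ACCEPT rules for SSH is the usual way to reach the "most other ports" part of the message.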