[ale] hackers and thier methods

Chris Fowler cfowler at outpostsentinel.com
Tue Feb 19 18:34:42 EST 2002 


What I meant was that there is a shell on my box and I wrote.  Therefore I
know ist capabilites as well as other software.

I totally agree with what you wrote below.  As a exercise last year I
created a small system on a floppy.  Not like Tom's root and boot.
Not like any distro.  Basically It was a kernel and 1 binary.  The binary
had everything it needed including init.  IT was designed pretty much like
Busybox but provided obnly the features needed to support a function.
Therefore hacking was futile.  The best way is to create a box
that would excute your program instead of init that would setup ethernet and
firwalling services.  Thats it.   Not sure what hacking would gain there.


-----Original Message-----
From: Joe at orado.localdomain.private
To: ale at ale.org
[mailto:Joe at orado.localdomain.private]On Behalf Of Joseph A Knapka
Sent: Tuesday, February 19, 2002 12:13 PM
To: Chris Fowler
Subject: Re: [ale] hackers and thier methods


Chris Fowler wrote:
>
> Yea there's a shell.  I wrote it.  So I know it.

Huh? What shell? That reply made no sense to me. My
point is that it's possible to configure a PC firewall in
such a way that it provided no services other than
firewalling, and thus it would be much more difficult for
a hacker to invade.

Cheers,

-- Joe

> -----Original Message-----
> From: Joe at orado.localdomain.private
> [mailto:Joe at orado.localdomain.private]On Behalf Of Joseph A Knapka
> Sent: Tuesday, February 19, 2002 11:56 AM
> To: Chris Fowler
> Cc: Stephen Turner; ale at ale.org
> Subject: Re: [ale] hackers and thier methods
>
> > Chris Fowler wrote:
> >
> > No.  You are in control of your equipment.  Certain pieces of
> > equipment lend themselves to being better
> > secure then others.  Not due to the nature of the services running on
> > it.  But due to the nature of the envirnment on the
> > equipment.
> >
> > Some embedde quipment has hackable protocols.  That is the nature of
> > using any software.  But just because
> > they are hackable does not mean the hacker will be sucessful.
> > Personally I do nt support the use distro + PC = firewall.
> > A product that is built for this may be better suited.  It just scares
> > me to load RH 7.2 on a box and configure it as a firewall.
> > If I get hacked all the tools are there for mischief.  If it is on n
> > embedded piece of equipment then maybe nothing is there of use if they
> > gain a shell.
>
> Or maybe there is no shell.
>
> Try this:
>
> Install any distro you want on a PC. Add iptables. Configure
> your firewall the way you want it. Set up the boot process
> so that the machine boots with minimal services, brings up
> the network interface, configures iptables, and then does
> "shutdown -h now" to halt the kernel. Since all the IP
> action happens in interrupt context, the machine will
> happily filter packets and deal with forwarding, even though
> there are no processes running. Almost as good as an
> embedded appliance. I used to run my ipchains firewall
> that way, a couple years ago, before I switched to OpenBSD.
> I think there was a blurb on Slashdot or FreshMeat about
> the technique recently.
>
> Cheers,
>
> -- Joe
>
> > Who knows?
> >
> > Chris
> >
> >      -----Original Message-----
> >      From: Stephen Turner [mailto:artic_knight at yahoo.com]
> >      Sent: Tuesday, February 19, 2002 5:43 PM
> >      To: ale at ale.org
> >      Subject: [ale] hackers and thier methods
> >
> >      so i remove all these packages from my box, should i bother
> >      removing vi? it offers no hacks as i see it but i suppose my
> >      REAL question is, can a linux hacker or someone hacking
> >      linux run programs outside of your box that will configure,
> >      alter the box? or do you have to add programs such as a text
> >      editor in order to alter text? and what stops them from
> >      installing or "planting" them on my server?
> >
> >      ------------------------------------------------------------
> >      Do You Yahoo!?
> >      Yahoo! Sports - Coverage of the 2002 Olympic Games
>
> --
> "I should like to close this book by sticking out any part of my neck
>  which is not yet exposed, and making a few predictions about how the
>  problem of quantum gravity will in the end be solved."
>  --- Physicist Lee Smolin, "Three Roads to Quantum Gravity"
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should
be
> sent to listmaster at ale dot org.

--
"I should like to close this book by sticking out any part of my neck
 which is not yet exposed, and making a few predictions about how the
 problem of quantum gravity will in the end be solved."
 --- Physicist Lee Smolin, "Three Roads to Quantum Gravity"



---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.

More information about the Ale mailing list