[ale] hackers and thier methods
Chris Fowler
cfowler at outpostsentinel.com
Tue Feb 19 18:34:42 EST 2002
What I meant was that there is a shell on my box and I wrote. Therefore I
know ist capabilites as well as other software.
I totally agree with what you wrote below. As a exercise last year I
created a small system on a floppy. Not like Tom's root and boot.
Not like any distro. Basically It was a kernel and 1 binary. The binary
had everything it needed including init. IT was designed pretty much like
Busybox but provided obnly the features needed to support a function.
Therefore hacking was futile. The best way is to create a box
that would excute your program instead of init that would setup ethernet and
firwalling services. Thats it. Not sure what hacking would gain there.
-----Original Message-----
From: Joe at orado.localdomain.private
To: ale at ale.org
[mailto:Joe at orado.localdomain.private]On Behalf Of Joseph A Knapka
Sent: Tuesday, February 19, 2002 12:13 PM
To: Chris Fowler
Subject: Re: [ale] hackers and thier methods
Chris Fowler wrote:
>
> Yea there's a shell. I wrote it. So I know it.
Huh? What shell? That reply made no sense to me. My
point is that it's possible to configure a PC firewall in
such a way that it provided no services other than
firewalling, and thus it would be much more difficult for
a hacker to invade.
Cheers,
-- Joe
> -----Original Message-----
> From: Joe at orado.localdomain.private
> [mailto:Joe at orado.localdomain.private]On Behalf Of Joseph A Knapka
> Sent: Tuesday, February 19, 2002 11:56 AM
> To: Chris Fowler
> Cc: Stephen Turner; ale at ale.org
> Subject: Re: [ale] hackers and thier methods
>
> > Chris Fowler wrote:
> >
> > No. You are in control of your equipment. Certain pieces of
> > equipment lend themselves to being better
> > secure then others. Not due to the nature of the services running on
> > it. But due to the nature of the envirnment on the
> > equipment.
> >
> > Some embedde quipment has hackable protocols. That is the nature of
> > using any software. But just because
> > they are hackable does not mean the hacker will be sucessful.
> > Personally I do nt support the use distro + PC = firewall.
> > A product that is built for this may be better suited. It just scares
> > me to load RH 7.2 on a box and configure it as a firewall.
> > If I get hacked all the tools are there for mischief. If it is on n
> > embedded piece of equipment then maybe nothing is there of use if they
> > gain a shell.
>
> Or maybe there is no shell.
>
> Try this:
>
> Install any distro you want on a PC. Add iptables. Configure
> your firewall the way you want it. Set up the boot process
> so that the machine boots with minimal services, brings up
> the network interface, configures iptables, and then does
> "shutdown -h now" to halt the kernel. Since all the IP
> action happens in interrupt context, the machine will
> happily filter packets and deal with forwarding, even though
> there are no processes running. Almost as good as an
> embedded appliance. I used to run my ipchains firewall
> that way, a couple years ago, before I switched to OpenBSD.
> I think there was a blurb on Slashdot or FreshMeat about
> the technique recently.
>
> Cheers,
>
> -- Joe
>
> > Who knows?
> >
> > Chris
> >
> > -----Original Message-----
> > From: Stephen Turner [mailto:artic_knight at yahoo.com]
> > Sent: Tuesday, February 19, 2002 5:43 PM
> > To: ale at ale.org
> > Subject: [ale] hackers and thier methods
> >
> > so i remove all these packages from my box, should i bother
> > removing vi? it offers no hacks as i see it but i suppose my
> > REAL question is, can a linux hacker or someone hacking
> > linux run programs outside of your box that will configure,
> > alter the box? or do you have to add programs such as a text
> > editor in order to alter text? and what stops them from
> > installing or "planting" them on my server?
> >
> > ------------------------------------------------------------
> > Do You Yahoo!?
> > Yahoo! Sports - Coverage of the 2002 Olympic Games
>
> --
> "I should like to close this book by sticking out any part of my neck
> which is not yet exposed, and making a few predictions about how the
> problem of quantum gravity will in the end be solved."
> --- Physicist Lee Smolin, "Three Roads to Quantum Gravity"
>
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should
be
> sent to listmaster at ale dot org.
--
"I should like to close this book by sticking out any part of my neck
which is not yet exposed, and making a few predictions about how the
problem of quantum gravity will in the end be solved."
--- Physicist Lee Smolin, "Three Roads to Quantum Gravity"
---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be
sent to listmaster at ale dot org.
More information about the Ale
mailing list