I'm an "Architect", which means I design computer solutions.  Once upon
a time I was a network administrator but my hands on skills are not what
I'd like them to be, certainly not in the Linux space.  This is sort of
an apology for asking potentially dumb questions.

Recently my Linux Firewall, connected to MediaOne, was cracked.  I'm
absolutely furious about the way M1/AT&T handled the situation.  I knew
my firewall wasn't tightened down very well, but it's just my house and
I kept procrastinating.  So last week I get a nastygram from M1 saying
my machine had been "caught" port scanning and that this activity was in
violation of the "Terms and Conditions" for use.  This was a slap on the
wrist and the next time they'd permanently pull my account.  Well, being
on the road more often than not, I was only able to tighten up the
machine, not reformat and rebuild.  Besides, I checked out the logs and
there were tracks everywhere.  The idiot even built themselves an
account.  I thought it was juvenile, amateur script kiddie stuff.  The
following Sunday, about the only time I have time to work on anything,
was Easter and family comes first.  So, on Friday, I was in New York
City, Times Square and I get a call from my kids, very upset.  It seems
that "tightening up" my firewall wasn't enough and they'd left a back
door.  My machine had again been cracked and had been port scanning
again.  Oops, my bad, I should have formatted the darn thing.  So, M1
says, goodbye...forever.  Man am I mad at them.  I REALLY hate
monopolies now.

Well, I talked to their legal department, a million times better than
their security department and it appears we can work something out.  So,
my purpose here is two things.  One, to vent a little (thanks :-) ) and
two to ask about known vulnerabilities.  My machine is a reformatted RH
6.2 installation.  I intend (downloading the kernel from a modem really
stinks) to upgrade to 2.2.18 (any reason to go to .19?) because I heard
there was some fix there.  Additionally I am going to get the latest
BIND to fix that exploit.  I'm going to run a fairly tight IPCHAINS
script.  I don't run an HTTP server on the firewall, nor any other
services.  I will have SSH and FTP open.  Other than that I will open
only things for my Masquerading machines inside to get out (POP, SMTP,
HTTP, Time (13), probably IRC and IDENTD (needed for many IRCs), FTP,
etc.), pretty much the standard list.  Could one of you really good Network
Admin guys tell me if I'm on the right track?  Any other suggestions?
Thanks.

Also, one other vent.  I wish those jerks at M1, instead of pulling the
plug on my account, would first trace the darn thing and go try to catch
the bad guy instead of harassing their customers.  Then they can pull
the plug and give me a chance to fix it.  These procedures of theirs are
doing nothing to fix the problem and just punishing the victims.  Rather
like punishing someone because their car was stolen.  Argh.
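As an added example (not part of the original post), here is a minimal ipchains script for a Linux 2.2 masquerading firewall that implements the policy described above: default deny, only SSH and FTP reachable on the firewall itself, and the listed outbound services masqueraded for the inside machines. The interface names (eth0 outside, eth1 inside) and the inside network 192.168.1.0/24 are assumptions; adjust them to the real setup. The rules are printed rather than executed by default so they can be reviewed first.

```shell
#!/bin/sh
# Added example, not the poster's script.  Builds an ipchains (Linux 2.2)
# policy for a small masquerading firewall.  Interfaces and the LAN range
# below are assumptions; override them in the environment.
EXT_IF="${EXT_IF:-eth0}"              # cable-modem side (assumed)
INT_IF="${INT_IF:-eth1}"              # LAN side (assumed)
INT_NET="${INT_NET:-192.168.1.0/24}"  # masqueraded LAN (assumed)

# build_rules prints the ipchains commands instead of running them, so the
# policy can be read or diffed before it touches the live kernel.
build_rules() {
    # Start clean and default-deny: anything not listed below is dropped.
    echo "ipchains -F"
    echo "ipchains -P input DENY"
    echo "ipchains -P output ACCEPT"
    echo "ipchains -P forward DENY"

    # Loopback and the inside LAN may reach the firewall freely.
    echo "ipchains -A input -i lo -j ACCEPT"
    echo "ipchains -A input -i $INT_IF -s $INT_NET -j ACCEPT"

    # Anti-spoofing: inside addresses must never arrive on the outside
    # interface; log them so an attempt shows up in syslog.
    echo "ipchains -A input -i $EXT_IF -s $INT_NET -l -j DENY"

    # The only services the firewall offers to the Internet: SSH and FTP.
    for port in 22 21; do
        echo "ipchains -A input -i $EXT_IF -p tcp --dport $port -j ACCEPT"
    done

    # Replies to connections opened from the firewall or the LAN: TCP
    # packets without SYN set (ipchains has no real connection tracking).
    echo "ipchains -A input -i $EXT_IF -p tcp ! -y -j ACCEPT"
    # DNS answers for lookups the firewall/LAN made.
    echo "ipchains -A input -i $EXT_IF -p udp --sport 53 -j ACCEPT"

    # Everything else from the outside is logged and dropped.
    echo "ipchains -A input -i $EXT_IF -l -j DENY"

    # Masquerade the LAN for the standard outbound set from the post:
    # POP, SMTP, HTTP, daytime (13), FTP, IRC, identd, plus DNS.
    for port in 110 25 80 13 21 6667 113; do
        echo "ipchains -A forward -i $EXT_IF -s $INT_NET -p tcp --dport $port -j MASQ"
    done
    echo "ipchains -A forward -i $EXT_IF -s $INT_NET -p udp --dport 53 -j MASQ"
}

# "show" (default) prints the rules; "apply" pipes them to the shell.
case "${1:-show}" in
    apply) build_rules | sh ;;
    show)  build_rules ;;
esac
```

Two caveats for this particular setup: active-mode FTP from inside only works through the masquerade with the ip_masq_ftp module loaded, and an IRC server's ident lookup comes back to port 113 on the firewall's external address, not the inside client, so with 113 inbound closed as above those lookups simply fail rather than being answered.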

**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************