On Tue, 2003-01-07 at 17:44, Jacob Meuser wrote:
> On Tue, Jan 07, 2003 at 07:54:55PM -0600, Timothy Bolz wrote:
> > I had a person who is a Cisco certified network guy tell me unix boxes are
> > easier to get into than windows.
>
> That's a question with a lot of "It depend if ..."s.
>

Specifically, say, kernels with smashable stacks, and exploitable versions
of any networked services. Some home-router-type devices are exploitable to
slip through NAT from the outside; most are soft-upgradable by ftp or a
web-frontend. Check the manufacturers' websites!

For your system software/services, check bugtraq if you dare:
http://online.securityfocus.com/search
(select "BUGTRAQ" from the "Search area" pulldown)

In general, keeping your system up-to-date with distro-based utilities is an
easy way, but if you built your own you'll need to check up on the project
sites to get sources of course... build away! I've noticed a significant lag
between source-update fixes of some vulnerabilities in the past year, and
package release -- so if you rely on a service in particular (i.e., a
value-based judgment), or want to test your talkative friend, you might want
to do some compiling.
> > He's very knowledgeable and says he's one
> > of 5000 certified in the world. I don't know if he's worked in Linux or not.
> > My box at work is a Debian GNU/Linux box and he knows the ip address of it.
> > He said a hacker could gain access to it if they know the ip address. I said
> > I have ipchains installed. My question is: is that enough or do I have to close
> > down the ports too. He thinks someone could gain access to my box even
> > though I'm running Linux with ipchains. He ruffled my feathers and I don't
> > like it, especially when I don't know how to respond to someone who might
> > know.
>
> He's probably just trying to "show off" or something, but one never
> knows.
>

He may well be a script-collector, and believe his security skills go above
and beyond the cert with such tricks. He might have some "rootkits", which
are pre-packaged toolsets to break into systems. You can try running a check
for known rootkits:
http://www.chkrootkit.org/

securityfocus has a linux tools section also:
http://online.securityfocus.com/cgi-bin/sfonline/tools.pl?platid=1&cat=
(don't miss the site's IDS section, either)

maybe check out these:
http://freshmeat.net/projects/lsat/?topic_id=253
http://freshmeat.net/projects/nessus/?topic_id=43

> > What I'm saying is my box is on a private network 192.168.x.x which
> > other people on that network who I don't know get on. What can I do to
> > protect my box besides turning it off at night or unplugging it from the
> > network.
>
> stay on top of security updates
> don't provide access you don't need to
> run 'netstat -an' to see what ports are listening to outside
> connections
> you already have ipchains, just make sure it's doing what you want
> if you need to have services running, lock them down to only give
> needed access in their configuration or perhaps tcpwrappers
> (/etc/hosts.{allow,deny})

and if he is gonna have a go at you, I suggest running snort
(http://www.snort.org/), or a packet dump (http://tcpdump.org/) if you know
exactly when he sets fire (packet dumps can get huge, watch out).

good luck and I hope my links help!!

benb
-- 
Ben Barrett <[EMAIL PROTECTED]>
counterclaim

_______________________________________________
Eug-LUG mailing list
[EMAIL PROTECTED]
http://mailman.efn.org/cgi-bin/listinfo/eug-lug
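The 'netstat -an' step in the list above, as an added example that is not part of the original thread: a small sh/awk filter that reads netstat -an output and reports only the listening sockets not bound to loopback, i.e. the ports other hosts on the 192.168.x.x network can actually reach and that ipchains or tcpwrappers need to cover. The sample netstat output embedded below is constructed, not a real capture.

```shell
#!/bin/sh
# Added example, not from the original thread: reduce `netstat -an` output
# to the listening sockets that other hosts on the network can reach.

# Constructed sample of `netstat -an` on a Linux box (not a real capture).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:80         0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         192.168.1.55:34512      ESTABLISHED
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
Active UNIX domain sockets (servers and established)
unix  2      [ ACC ]     STREAM     LISTENING     1234   /dev/log'

# exposed_listeners: read netstat -an output on stdin and print "proto port"
# for every TCP listener or bound UDP socket whose local address is not
# loopback.  Established connections, headers and unix sockets are dropped.
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)6?$/ { next }            # headers, unix sockets
        $1 ~ /^tcp/ && $6 != "LISTEN" { next }     # established/closing TCP
        {
            addr = $4; sub(/:[^:]*$/, "", addr)    # strip the ":port" suffix
            port = $4; sub(/.*:/, "", port)        # keep only the port
            if (addr ~ /^127\./ || addr == "::1") next   # loopback only
            print $1, port
        }'
}

# exposed_summary: the same list on one line, e.g. "tcp 22 tcp 80 udp 111",
# convenient for a cron job that mails you when the set changes.
exposed_summary() {
    exposed_listeners | tr '\n' ' ' | sed 's/ $//'
}

# Demo on the constructed sample; on a live box: netstat -an | exposed_listeners
printf '%s\n' "$SAMPLE_NETSTAT" | exposed_listeners
```

Anything the filter prints that you did not expect is a service to shut down, bind to 127.0.0.1, or restrict in /etc/hosts.allow and /etc/hosts.deny.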
