On Friday 10 January 2003 11:13 am, Todd Lyons wrote:
> Lorne wrote on Fri, Jan 10, 2003 at 09:15:02AM -0700 :
> > I've run coyote-linux for 5 years now and have NEVER been hacked. That is
> > until September of 2002. I spoke with the author and he felt his system
> > was secure and it couldn't have been his LRP based firewall that broke
> > down. I DID have port 21 forwarded, so assumed it was the inside box that
> > got compromised via port 21. I took the inside box off line, totally
> > built it from scratch, hardened all boxes and made sure I had a secure
> > intranet. I then brought the firewall back up. Within a month someone was
> > poking around inside my intranet again. Now it seems that it takes about
> > 48 hours for them to get back in. So I've been rebooting it every night
> > until I can get my MNF box up. I believe there is some buffer overflow or
> > other vulnerability that hasn't been identified yet with the LRP firewall
> > system. So just a warning,
> >
> Geez, you should be sitting there with tcpdump running nearly non-stop
> and logging to a separate host so that you can see exactly what is occurring.
> Get active and into it and you'll learn a LOT about security. You may
> _think_ you know a lot now, but when you watch a box getting 'sploited,
> and then pull the plug and figure it all out, you'll come out of it with
> some invaluable knowledge that you can put to use immediately!
>

I prefer ethereal and sniffer pro and I have had really really limited time here at home. I've been getting more and more into packet analysis at work and it is pretty cool stuff. I've been to a couple of classes on it. I've had snort running on Mandrake snf and I'm putting the finishing touches on MNF. It has snort. I'm putting tripwire on it now. What I REALLY would like to do is set up a honey pot and then I'm truly in control and can watch with interest what is going on.
I'm trying to talk my boss into letting me set up a honey pot at work, but corporate is against it. I need to talk to the fellow that is against it. I think he is wrong. :)

> Just a suggestion at any rate.
>
> Blue skies... Todd
