As for why against... this network is my home and I can't afford to go buy another comp and IP just to "protect" the 4 or 5 boxes behind it. *grin*
James

On Sat, 2003-01-11 at 10:24, Lorne wrote:
> On Saturday 11 January 2003 08:49 am, Mark Weaver wrote:
> > Lorne wrote:
> > > On Friday 10 January 2003 11:13 am, Todd Lyons wrote:
> > > > Lorne wrote on Fri, Jan 10, 2003 at 09:15:02AM -0700 :
> > > > > I've run coyote-linux for 5 years now and have NEVER been hacked. That is until September of 2002. I spoke with the author and he felt his system was secure and it couldn't have been his LRP based firewall that broke down. I DID have port 21 forwarded, so assumed it was the inside box that got compromised via port 21. I took the inside box off line, totally built it from scratch, hardened all boxes and made sure I had a secure intranet. I then brought the firewall back up. Within a month someone was poking around inside my intranet again. Now it seems that it takes about 48 hours for them to get back in. So I've been rebooting it every night until I can get my MNF box up. I believe there is some buffer overflow or other vulnerability that hasn't been identified yet with the LRP firewall system. So just a warning,
> > > >
> > > > Geez, you should be sitting there with tcpdump running nearly non-stop and logging to a separate host so that you can see exactly what is occurring. Get active and into it and you'll learn a LOT about security. You may _think_ you know a lot now, but when you watch a box getting 'sploited, and then pull the plug and figure it all out, you'll come out of it with some invaluable knowledge that you can put to use immediately!
> > >
> > > I prefer ethereal and sniffer pro and I have had really really limited time here at home. I've been getting more and more into packet analysis at work and it is pretty cool stuff. I've been to a couple of classes on it. I've had snort running on Mandrake snf and I'm putting the finishing touches on MNF. It has snort. I'm putting tripwire on it now. What I REALLY would like to do is set up a honey pot and then I'm truly in control and can watch with interest what is going on. I'm trying to talk my boss into letting me set up a honey pot at work, but corporate is against it. I need to talk to the fellow that is against it. I think he is wrong. :)
> >
> > why in the world would someone be "against" setting up a honeypot in defense of a network and all the mission critical data stored thereon? Yes, I understand that "honeypot" in and of itself does nothing to actually protect a network, but in the overall scheme it is a part of the process.
>
> That is what I asked the director yesterday. He said the head dude is from the "CIA" and he has always been against it. ???? WTF!?!? My response was, I need to talk to this guy, because he either doesn't understand them or knows something profound I've never thought or heard of. Like I tried to explain to the director yesterday is that there should never ever be any legitimate traffic to a honeypot so if there is activity, it is going to be improper. Makes it pretty damned easy to catch activity on a busy network. Like you said, it isn't protection, but what a cool tool to trigger alarms, watch what they are doing, keep them busy until you figure out what is going on etc. :)
>
> ______________________________________________________________________
>
> Want to buy your Pack or Services from MandrakeSoft?
> Go to http://www.mandrakestore.com
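The point made above about a honeypot (there is never legitimate traffic to it, so anything that reaches it is suspect) turned into detection logic, as an added example that is not part of the thread: a small Python script that parses constructed tcpdump-style lines and reports every new connection attempt aimed at a hypothetical honeypot address (192.168.1.50 here), grouped by source. The log format and addresses are assumptions for illustration only.

```python
import re
from collections import defaultdict

# Constructed tcpdump-style lines (not from the thread). 192.168.1.50 is the
# hypothetical honeypot; it should never receive legitimate traffic.
SAMPLE_LOG = """\
10:24:01.100 IP 192.168.1.20.4432 > 192.168.1.10.80: Flags [S], length 0
10:24:02.200 IP 203.0.113.7.51234 > 192.168.1.50.21: Flags [S], length 0
10:24:02.250 IP 192.168.1.50.21 > 203.0.113.7.51234: Flags [S.], length 0
10:24:05.300 IP 203.0.113.7.51236 > 192.168.1.50.22: Flags [S], length 0
10:24:09.400 IP 192.168.1.20.4433 > 192.168.1.10.443: Flags [S], length 0
10:25:11.500 IP 198.51.100.9.40000 > 192.168.1.50.80: Flags [S], length 0
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): Flags \[(?P<flags>[^\]]*)\]"
)


def honeypot_alerts(log_text, honeypots):
    """Return {source_ip: [(timestamp, dst_port), ...]} for every inbound
    SYN that targets a honeypot address. The honeypot's own replies are
    ignored; anything else aimed at it is by definition suspect."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parseable packet line; skip it
        if m["dst"] not in honeypots or m["src"] in honeypots:
            continue  # ordinary traffic, or the honeypot answering back
        if "S" in m["flags"] and "." not in m["flags"]:  # pure SYN = new attempt
            hits[m["src"]].append((m["ts"], int(m["dport"])))
    return dict(hits)


def summarize(alerts):
    """One line per offending source, ports listed in first-seen order."""
    return [f"{src}: {len(ev)} probe(s) to ports {[p for _, p in ev]}"
            for src, ev in sorted(alerts.items())]


if __name__ == "__main__":
    for line in summarize(honeypot_alerts(SAMPLE_LOG, {"192.168.1.50"})):
        print(line)
```

Feeding it a live `tcpdump -l -n` stream instead of the constructed sample is a matter of reading stdin line by line; the same rule applies to any host or subnet that has no business receiving connections.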
