At 10:58 AM 10/4/2000 -0400, Tony Lambiris wrote:
i was good friends with mosthated ( the leader of global hell ) - he had
commented to me several times that the cs at keene boxes had telnetd open
along with other things...i told him that i didn't go to keene state and that was
it.....i can't recall the exact date i think that it was around
00.01.10. Then later that year....1 month csdept.keene.edu was
rooted. You'd think that after one incident you'd shut down telnet and put
openssh on there....nope..it took two to lock down that box....
<preaching>
if you have a box on the Internet and you don't know your security you're
going to get owned. simple as that.....we've had several attempts on the
usa box and that woke me up...fast....i realized that just because i didn't
find any sploits that i could hack it didn't mean that there were none.....

redhat is a nice distro - however if you're security minded ( and all .edu's
should be ) put all your linux boxes on their own network using and have a
box doing NAT....your public machines...use openBSD...simple as
that.....redhat is leaning toward being a desktop distro...and NT isn't
secure....it's a DOS waiting to happen....

junior sys admin is a good idea - however using it on a mission critical
server isn't a good idea...set it up as a war box...then you learn real
fast what's what with security.

the biggest asset that i have had is making friends with "script kiddies"
and "black hats". just chatting they keep me informed on the latest holes
and such. it's a little work for a large return....many times an exploit
will be discovered and be used for up to 4 months before a place like
bugtraq gets it. for the price of a shell for anon mail..it's a big payoff.
</preaching>
i agree totally with tony's last paragraph - server security is up to the
server admin( or person appointed for security) and nobody else.

i'll admit it - i'm not the best security guy in the world, but i know what
to look at and what not to....and monitor our server(s) closely....in 2
months we're installing 2 new servers using openBSD with qmail and apache
1.3.12. granted i'll still have to monitor it but it will make my job a
lot easier. and make black hats' jobs a lot harder.

well i think that i'm done with my preaching...

if i have offended anyone - i apologize...but when i see stuff like this it
really gets me going. why punish everybody when one is at fault.

BTW - look at this...i just did this nmap scan of csdept.keene.edu -
interesting? i think so....lets shut down some of those daemons! 'eh?
========================
Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
Interesting ports on cscipclab5.keene.edu (158.65.240.101):
Port    State       Protocol  Service
1       open        tcp       tcpmux
11      open        tcp       systat
15      open        tcp       netstat
22      open        tcp       ssh
79      open        tcp       finger
80      open        tcp       http
111     open        tcp       sunrpc
113     open        tcp       auth
119     open        tcp       nntp
143     open        tcp       imap2
540     open        tcp       uucp
635     open        tcp       unknown
959     open        tcp       unknown
1024    open        tcp       unknown
1080    open        tcp       socks
1524    open        tcp       ingreslock
2000    open        tcp       callbook
6667    open        tcp       irc
12345   open        tcp       NetBus
12346   open        tcp       NetBus
========================
well they got rid of telnetd what about netbus? is that necessary to run :-)
~kurth
>On Tue, Oct 03, 2000 at 06:50:14PM -0400, Mjo wrote:
> > We have 2 leads into a few 486 machines, which will help immensely! YAY!
>
>What do you plan on using these 486 machines for? Only thing I can think of
>that a 486 could handle would be simple NAT, or perhaps a mail server that
>doesn't have a big work load.
>
> >
> > KSC has traditionally had a Linux server that held student accounts for mail
> > and web pages. "Junior Sys Admin" was an independent study for running this
> > box. This summer it was used by a couple of people to break into places such as
> > Bell Atlantic. The college administration has in absolutely no uncertain terms
> > decreed that we may only have a Linux box if it is NOT attached to the outside
> > world. This is unfortunately not up for any debate. Linux in a vacuum makes
> > very little practical sense, but that's what we have to work with. Because
> > this makes the "Junior Sys Admin" role almost entirely moot, it will be
> > WONDERFUL to keep Linux possibilities here through the LUG.
>
>Yeah, I knew the Senior Admin of that box. He was a nice guy, but he didn't
>know anything about Linux. When I first went to Keene, it was running Slackware
>set up by this kid Jamie Fullerton(sp?) who definitely knew his stuff. Then
>something happened (can't remember what), and Shilo decided to install Red Hat.
>First of all, that was probably his first mistake. I just read on Slashdot that
>Red Hat 7.0 had over like 2,500 documented bugs, or something outrageous like
>that. I'm not saying Red Hat can't be locked down, but it is definitely the
>last distribution I would look at for a server environment. That, and coupled
>with the fact he didn't know how to secure a box made for an easy target. He
>always installed the defaults in Red Hat (I watched him install Red Hat one
>time), and didn't take care to remove anything he wasn't using or didn't need.
>During the first few weeks, I gave him some friendly pointers on making the box
>a little more secure without going into stuff like suid binaries, or editing
>his fstab, and he replied back saying that he didn't appreciate me trying to
>tell him how to do his job. Perhaps it was jealousy (mind you I was a freshman,
>and he was a junior), but I guess I will never know. I think it was about that
>time when I knew Keene State College was a waste of my time and money.
>Needless to say, when that box was cracked, my name came up a few times.
>Why? I believe the main reason to be the fact that I actually _knew_ what I was
>doing in a Linux environment. I do wish the KSCLUG all the luck in the world
>with their Linux ventures, it's unfortunate that they can't connect the linux
>box to the outside world, because IMHO, it should be the admin's fault, not the
>college's, because a Linux box can be secured, as long as the admin knows what
>he/she is doing.
></rant> :)
>
> > We had a fair mix of people. A few newbies, a few middle-ish (like myself) and
> > a few who have spent a lot of time running it, though not professionally.
> >
> > Here are some of the topics people expressed interest in on the sheet I passed
> > out:
> > Apache esp writing modules
> > Security
> > Relational DBs
> > Scripting languages, i.e. TCL
> > DHCP
> > Programming in Linux C/Java/etc
> > Sniffers
> >
> > I'm sure there will be a lot more. Any ideas invited.
> >
> > Anyway, getting rather long here. I often feel like I spend my entire life
> > with the -v switch on.
> >
> > Our next meeting is 2 weeks from now, Tuesday October 17th at 1:30 pm in
> > Science 119 at Keene State. The agenda is to vote on our constitution, elect a
> > couple officers, install some distro or other on a machine we can get our hands
> > on. Shiloh, our ex-linux admin/current NT admin is setting up an e-mail list
> > for us.
> >
> > Any and all advice/help very, very welcome!
> >
> > -Marthajo McCarthy
> > KSCLUG Chairman
> >
> > P.S. I just bought a palm pilot- if anyone has any astounding tips on how to
> > get it working in Linux, feel free to e-mail me!
> >
> > --
> > Martha Jo McCarthy
> > [EMAIL PROTECTED] (alternate: [EMAIL PROTECTED]) Yeehaa!
> >
> >
> >
> >
> > **********************************************************
> > To unsubscribe from this list, send mail to
> > [EMAIL PROTECTED] with the following text in the
> > *body* (*not* the subject line) of the letter:
> > unsubscribe gnhlug
> > **********************************************************
>
>--
>Tony Lambiris [[EMAIL PROTECTED]]
>OpenBSD: Because I care. [www.openbsd.org]
>
>
Kurth Bemis - Network/Systems Administrator, USAExpress.net/Ozone Computer
[EMAIL PROTECTED]
http://www.usaexpress.net/kurth
ICQ - 6624050
Call Sign - N1TYW
PGP key available - http://www.usaexpress.net/kurth/pgp
Fight Weak Encryption! Donate your wasted CPU cycles to Distributed.net
(http://www.distributed.net)
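An added example, not part of the original post: a baseline check over an nmap port table in the layout of the scan above, listing every open port that is not on an allowlist. The allowlist (ssh and http) and the function names are assumptions for illustration; the sample rows are an excerpt of the scan quoted in the post.

```python
import re

# Excerpt of the scan quoted in the post above (nmap 2.x table layout).
SCAN = """\
Interesting ports on cscipclab5.keene.edu (158.65.240.101):
Port State Protocol Service
22 open tcp ssh
79 open tcp finger
80 open tcp http
111 open tcp sunrpc
1524 open tcp ingreslock
12345 open tcp NetBus
12346 open tcp NetBus
"""

# Assumption: the services this host is meant to offer. Not from the post.
ALLOWED = {(22, "tcp"), (80, "tcp")}

# One table row: port number, state, protocol, service name.
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(tcp|udp)\s+(\S+)$")


def parse_ports(text):
    """Return (port, state, proto, service) tuples from an nmap 2.x port table."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # banner and column-header lines do not match and are skipped
            rows.append((int(m.group(1)), m.group(2), m.group(3), m.group(4)))
    return rows


def unexpected_open(text, allowed=ALLOWED):
    """Open ports that are not on the allowlist, sorted by port number."""
    return sorted(
        (port, proto, service)
        for port, state, proto, service in parse_ports(text)
        if state == "open" and (port, proto) not in allowed
    )


if __name__ == "__main__":
    for port, proto, service in unexpected_open(SCAN):
        # In this nmap version the Service column is a name looked up from
        # the port number, so confirm on the host which process owns the socket.
        print(f"{port}/{proto} ({service}): not in baseline, review or disable")
```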