On Wed, Oct 04, 2000 at 01:11:56PM -0400, Kurth Bemis wrote:
> At 10:58 AM 10/4/2000 -0400, Tony Lambiris wrote:
>
> I was good friends with mosthated (the leader of Global Hell) - he had
> commented to me several times that the CS boxes at Keene had telnetd open
> along with other things...I told him that I didn't go to Keene State and that was
> it.....I can't recall the exact date, I think that it was around
> 00.01.10. Then later that year....1 month csdept.keene.edu was
> rooted. You'd think that after one incident you'd shut down telnet and put
> OpenSSH on there....nope..it took two to lock down that box....
>
That's what I'm saying, the box was wide open (due to the fact Red Hat seems
to like to enable _everything_), so it was just a matter of time. Just check
out attrition.org. That box was rooted multiple times before whoever touched
it last tried hacking a bank. Perhaps the faculty should've appointed a new
admin after the first incident.
> <preaching>
> If you have a box on the Internet and you don't know your security you're
> going to get owned. Simple as that.....we've had several attempts on the
> USA box and that woke me up...fast....I realized that just because I didn't
> find any sploits that I could hack it with didn't mean that there were none.....
>
VERY well put.
> Red Hat is a nice distro - however if you're security minded (and all .edu's
> should be) put all your Linux boxes on their own network and have a
> box doing NAT....your public machines...use OpenBSD...simple as
> that.....Red Hat is leaning toward being a desktop distro...and NT isn't
> secure....it's a DoS waiting to happen....
>
I totally agree. I think the only Linux dist. I would trust would be Slackware,
and that's after I did a minimal install, deleted all suid files, and took
care of other stuff (inetd.conf, fstab, etc.).
> Junior Sys Admin is a good idea - however using it on a mission critical
> server isn't a good idea...set it up as a war box...then you learn real
> fast what's what with security.
>
> The biggest asset that I have had is making friends with "script kiddies"
> and "black hats". Just chatting, they keep me informed on the latest holes
> and such. It's a little work for a large return....many times an exploit
> will be discovered and be used for up to 4 months before a place like
> Bugtraq gets it. For the price of a shell for anon mail..it's a big payoff.
>
> </preaching>
>
Exactly. Just because you can't find an exploit for a service, doesn't mean
it's not out there. This is where I disagree with Red Hat enabling _everything_
by default. It's just a really stupid thing to do. Most people running Red Hat
will be using it for a workstation, thus they have no need for ftpd or amd.
If it's going to be used as a server, then it's up to the admin to know what
to enable and how. It's as simple as that.
> I agree totally with Tony's last paragraph - server security is up to the
> server admin (or person appointed for security) and nobody else.
>
> I'll admit it - I'm not the best security guy in the world, but I know what
> to look at and what not to....and monitor our server(s) closely....in 2
> months we're installing 2 new servers using OpenBSD with qmail and Apache
> 1.3.12. Granted I'll still have to monitor it but it will make my job a
> lot easier. And make black hats' jobs a lot harder.
>
> Well I think that I'm done with my preaching...
>
> If I have offended anyone - I apologize...but when I see stuff like this it
> really gets me going. Why punish everybody when one is at fault?
>
> BTW - look at this...I just did this nmap scan of csdept.keene.edu -
> interesting? I think so....let's shut down some of those daemons! 'eh?
> ========================
> Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
> Interesting ports on cscipclab5.keene.edu (158.65.240.101):
> Port State Protocol Service
> 1 open tcp tcpmux
> 11 open tcp systat
> 15 open tcp netstat
> 22 open tcp ssh
> 79 open tcp finger
> 80 open tcp http
> 111 open tcp sunrpc
> 113 open tcp auth
> 119 open tcp nntp
> 143 open tcp imap2
> 540 open tcp uucp
> 635 open tcp unknown
> 959 open tcp unknown
> 1024 open tcp unknown
> 1080 open tcp socks
> 1524 open tcp ingreslock
> 2000 open tcp callbook
> 6667 open tcp irc
> 12345 open tcp NetBus
> 12346 open tcp NetBus
> ========================
>
> Well they got rid of telnetd, what about NetBus? Is that necessary to run :-)
>
Will they ever learn? ;)
> ~kurth
>
> >On Tue, Oct 03, 2000 at 06:50:14PM -0400, Mjo wrote:
> > > We have 2 leads into a few 486 machines, which will help immensely! YAY!
> >
> >What do you plan on using these 486 machines for? Only thing I can think of
> >that a 486 could handle would be simple NAT, or perhaps a mail server that
> >doesn't have a big work load.
> >
> > >
> > > KSC has traditionally had a Linux server that held student accounts for mail
> > > and web pages. "Junior Sys Admin" was an independent study for running this
> > > box. This summer it was used by a couple of people to break into places such as
> > > Bell Atlantic. The college administration has in absolutely no uncertain terms
> > > decreed that we may only have a Linux box if it is NOT attached to the outside
> > > world. This is unfortunately not up for any debate. Linux in a vacuum makes
> > > very little practical sense, but that's what we have to work with. Because
> > > this makes the "Junior Sys Admin" role almost entirely moot, it will be
> > > WONDERFUL to keep Linux possibilities here through the LUG.
> >
> >Yeah, I knew the Senior Admin of that box. He was a nice guy, but he didn't
> >know anything about Linux. When I first went to Keene, it was running Slackware
> >set up by this kid Jamie Fullerton(sp?) who definitely knew his stuff. Then
> >something happened (can't remember what), and Shilo decided to install Red Hat.
> >First of all, that was probably his first mistake. I just read on Slashdot that
> >Red Hat 7.0 had over like 2,500 documented bugs, or something outrageous like
> >that. I'm not saying Red Hat can't be locked down, but it is definitely the
> >last distribution I would look at for a server environment. That, coupled
> >with the fact he didn't know how to secure a box, made for an easy target. He
> >always installed the defaults in Red Hat (I watched him install Red Hat one
> >time), and didn't take care to remove anything he wasn't using or didn't need.
> >During the first few weeks, I gave him some friendly pointers on making the box
> >a little more secure without going into stuff like suid binaries, or editing
> >his fstab, and he replied back saying that he didn't appreciate me trying to
> >tell him how to do his job. Perhaps it was jealousy (mind you I was a freshman,
> >and he was a junior), but I guess I will never know. I think it was about that
> >time when I knew Keene State College was a waste of my time and money.
> >Needless to say, when that box was cracked, my name came up a few times.
> >Why? I believe the main reason to be the fact that I actually _knew_ what I was
> >doing in a Linux environment. I do wish the KSCLUG all the luck in the world
> >with their Linux ventures, it's unfortunate that they can't connect the Linux
> >box to the outside world, because IMHO, it should be the admin's fault, not the
> >college's, because a Linux box can be secured, as long as the admin knows what
> >he/she is doing.
> ></rant> :)
> >
> > > We had a fair mix of people. A few newbies, a few middle-ish (like myself) and
> > > a few who have spent a lot of time running it, though not professionally.
> > >
> > > Here are some of the topics people expressed interest in on the sheet I passed
> > > out:
> > > Apache esp writing modules
> > > Security
> > > Relational DBs
> > > Scripting languages, i.e. TCL
> > > DHCP
> > > Programming in Linux C/Java/etc
> > > Sniffers
> > >
> > > I'm sure there will be a lot more. Any ideas invited.
> > >
> > > Anyway, getting rather long here. I often feel like I spend my entire life
> > > with the -v switch on.
> > >
> > > Our next meeting is 2 weeks from now, Tuesday October 17th at 1:30 pm in
> > > Science 119 at Keene State. The agenda is to vote on our constitution, elect a
> > > couple officers, install some distro or other on a machine we can get our hands
> > > on. Shiloh, our ex-linux admin/current NT admin is setting up an e-mail list
> > > for us.
> > >
> > > Any and all advice/help very, very welcome!
> > >
> > > -Marthajo McCarthy
> > > KSCLUG Chairman
> > >
> > > P.S. I just bought a palm pilot- if anyone has any astounding tips on how to
> > > get it working in Linux, feel free to e-mail me!
> > >
> > > --
> > > Martha Jo McCarthy
> > > [EMAIL PROTECTED] (alternate: [EMAIL PROTECTED]) Yeehaa!
> > >
> > >
> > >
> > >
> > > **********************************************************
> > > To unsubscribe from this list, send mail to
> > > [EMAIL PROTECTED] with the following text in the
> > > *body* (*not* the subject line) of the letter:
> > > unsubscribe gnhlug
> > > **********************************************************
> >
> >--
> >Tony Lambiris [[EMAIL PROTECTED]]
> >OpenBSD: Because I care. [www.openbsd.org]
> >
> >
>
> Kurth Bemis - Network/Systems Administrator, USAExpress.net/Ozone Computer
>
> [EMAIL PROTECTED]
> http://www.usaexpress.net/kurth
> ICQ - 6624050
> Call Sign - N1TYW
> PGP key available - http://www.usaexpress.net/kurth/pgp
>
> Fight Weak Encryption! Donate your wasted CPU cycles to Distributed.net
> (http://www.distributed.net)
>
>
--
Tony Lambiris [[EMAIL PROTECTED]]
OpenBSD: Because I care. [www.openbsd.org]
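The hardening routine this thread keeps circling back to (read the nmap table, shut down the inetd services nobody needs, hunt down setuid binaries after a minimal install) as an added POSIX sh example. This is not code from the thread or from any of its authors. The port table is copied from Kurth's nmap 2.12 listing; the inetd.conf fragment, the choice of which services count as "unneeded" (the thread itself only singles out telnet and NetBus) and the helper names are the editor's assumptions.

```shell
#!/bin/sh
# Added example, not part of the thread: audit an nmap 2.x-style port table
# against a hand-picked list of services a public box should not expose,
# comment the matching lines out of an inetd.conf, and list setuid files.
# The port table below is Kurth's listing; the inetd.conf fragment and
# the UNNEEDED list are constructed assumptions for this example.

SCAN='Interesting ports on cscipclab5.keene.edu (158.65.240.101):
Port State Protocol Service
1 open tcp tcpmux
11 open tcp systat
15 open tcp netstat
22 open tcp ssh
79 open tcp finger
80 open tcp http
111 open tcp sunrpc
113 open tcp auth
119 open tcp nntp
143 open tcp imap2
540 open tcp uucp
1080 open tcp socks
1524 open tcp ingreslock
12345 open tcp NetBus
12346 open tcp NetBus'

INETD='# constructed inetd.conf fragment (example data, not a real host)
ftp     stream  tcp  nowait  root   /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp  nowait  root   /usr/sbin/tcpd  in.telnetd
finger  stream  tcp  nowait  nobody /usr/sbin/tcpd  in.fingerd
systat  stream  tcp  nowait  guest  /usr/sbin/tcpd  /bin/ps -auwwx
netstat stream  tcp  nowait  guest  /usr/sbin/tcpd  /bin/netstat -f inet
ssh     stream  tcp  nowait  root   /usr/sbin/sshd  sshd -i'

# Editorial choice (assumption): services with no business on a public
# host. Edit to taste; the point is that the list is explicit and reviewed.
UNNEEDED='tcpmux systat netstat finger uucp socks ingreslock NetBus telnet'

# flag_ports: nmap port table on stdin -> "port service" for every open
# TCP port whose service name is in $UNNEEDED.
flag_ports() {
    awk -v list="$UNNEEDED" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        $2 == "open" && $3 == "tcp" && ($4 in bad) { print $1, $4 }'
}

# disable_inetd: inetd.conf on stdin -> same file with every line whose
# service field is in $UNNEEDED commented out. Comments and blank lines
# pass through untouched, so the result is still a valid inetd.conf.
disable_inetd() {
    awk -v list="$UNNEEDED" '
        BEGIN { n = split(list, a, " "); for (i = 1; i <= n; i++) bad[a[i]] = 1 }
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }
        ($1 in bad) { print "#" $0; next }
        { print }'
}

# list_suid DIR: print the set-uid regular files under DIR, one per line.
# Run it against / on a fresh install to build the "delete all suid
# files" worklist Tony describes; review each entry before removing it.
list_suid() {
    find "$1" -type f -perm -4000 2>/dev/null
}

# Stand-alone run: flagged ports first, then the cleaned inetd.conf.
printf '%s\n' "$SCAN" | flag_ports
printf '%s\n' "$INETD" | disable_inetd
```

On a real host you would feed `nmap -sT host` output to `flag_ports` and `/etc/inetd.conf` to `disable_inetd`, then `kill -HUP` inetd; the awk filters are deliberately anchored on the service field so a stray match inside a comment or a command path does not comment out something you still need.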