someday when you're really bored :) scan anselm.edu and utoronto.edu just to pick on a
couple but both major targets and could have the smackdown. someone has to be
putting machines in....... anselm is a mix of NT, linux (cobalt 4.0), and
solaris 7.0. all the linux boxen on their network are wide open to attack..... like
a default install :) so. . . . utoronto.edu is no better, they have most all
services wide open, granted they are behind some type of firewall but the problem
exists that you can go around it, why waste your time cracking a firewall when you
can skip it? now it's pretty safe to say no one checks log files and/or has tcplogd
running and watching for these types of attacks so in the long run you could hack
till your little heart's content and no one would even know you're there..... and if
they're this slow you definitely could pull the shades over their eyes when the
system is rooted like cat /var/log/messages | grep -v "username" >> temp ; mv temp
/var/log/messages and clean up the logs to remove your presence. anyway seems I'm
babbling so I'll shut up now.

chris

"Kenneth E. Lussier" wrote:

> Tony Lambiris wrote:
> >
> > On Wed, Oct 04, 2000 at 02:32:42PM -0400, Kenneth E. Lussier wrote:
>
> > Not knowing what either of these tools are or do, it sounds like they help
> > you secure a box? I personally disagree with using 3rd party utils to help
> > you secure a box, and I think the reason is pretty obvious. While it may be
> > useful to the person just getting into security, it's not something I would
> > rely on, or trust for that matter.
>
> Please define 3rd party tools. Both of the above mentioned are open
> source security tools, MedusaDS9 being kernel implementations. As for the
> reason that you claim to be so obvious for not using security tools, I
> disagree that it is obvious. I have no idea why you would not use
> security tools. Of course, this is completely dependent upon your
> definition of 3rd party tools. But I would rather depend on a third party
> tool that I can verify if my other option is to depend on the word of
> the *BSD maintainers.
>
> >
> > I disagree. We're not talking about a high-profile e-commerce site. We're
> > talking about an .edu (notorious for being wide open to exploits).
>
> Since they are so notorious for being insecure, then they should take it
> a bit more seriously. Since they are cracked so often, and they are
> common targets, then they *ARE* high profile, and they need to be more
> careful.
>
> > Almost all
> > of the "Linux in 24 hour" books tell you the basics of security (i.e.
> > inetd.conf, anonymous ftp, etc). You don't need to be a security expert to
> > open up inetd.conf and disable what you don't need. You just need common sense
> > (hmm, I don't know what imapd is, so I probably won't be using it, so lets
> > disable it). It's as simple as that.
>
> First off, it's a really nice phrase "disable what you don't need". I
> like it. But it doesn't make a box secure. What if the purpose of the
> box is to be an anonymous ftp server? You need anonymous ftp, so you
> leave it in there. But, you don't need telnet, so you take it out. Does
> that make the box secure? Nope... As for the "Linux in 24hrs" books, I
> liken them to "Become a Doctor in 24hrs". I wouldn't go to that doctor.
>
> > Also, no one forced him to be the admin of the box. Like I said, you think
> > someone down there would've been clued in the first time the box was rooted.
>
> I'm sure that no one forced him to be the admin. However, it was a
> work-study, and therefore, by nature, it is a learning experience. If no
> one took the time to educate him on network security, then he should not
> be expected to be knowledgeable about it, nor can he be held accountable for
> the outcome.
>
> > > It amuses me that people seem to think that security is something that
> > > you learn by reading a book or two. All of today's best practices will
> > > not help you tomorrow. Things change that fast. In my opinion, students
> > > do not have the time to keep up with their classes as it is. They should
> > > not be expected to keep up with network security on top of everything
> > > else. It is extremely time consuming and you can't take a day off from
> > > it.
> >
> > Now we're to the point where it shouldn't be security, but common sense. I
> > still blame Red Hat for enabling everything by default.
>
> You are right. It is common sense. The administration should not expect
> a student to be a security administrator if they have not provided any
> training. As for blaming RedHat, you can blame them all you want. Your
> blame does not make your statements correct.
>
> > > I defy anyone to say that they have
> > > never made a mistake that had serious consequences.
> >
> > I haven't.
>
> There are three possibilities for this statement:
> 1) You have made the mistakes but were never aware of the consequences
> 2) You have made the mistakes and someone else was good enough to make
> sure you never found the problem
> 3) You're a liar and in your arrogant efforts to be correct, you attempt
> to make yourself look better by denying responsibility for your
> mistakes.
>
> --
> Kenny Lussier
> Systems Administrator
> Mission Critical Linux
> ***********************************************************
> Life is a lesson, you learn it at the end
> Reality has become increasingly less accurate
> ***********************************************************
>
> **********************************************************
> To unsubscribe from this list, send mail to
> [EMAIL PROTECTED] with the following text in the
> *body* (*not* the subject line) of the letter:
> unsubscribe gnhlug
> **********************************************************

