Hello Greg, and Welcome. Coincidentally my name is Greg as well. My advice
to you is to get your machine OFF THE INTERNET. I've no doubt the following
will get lengthy and that it is flame bait, however it is based on what I've
learned from this very mailing list. Because of what I've read on this list
I've stopped using Linux with the exception of a server, protected by a
firewall.
First, I'm in computers and have been for over 20 years. I'm not a *nix hack
and instead grew up and was trained on DOS, OS/2 and WinBlows (which I've
never liked, yet use it on most of my desktops). I work for a Vice President
of a very large company and my job is to drive Linux, specifically Linux
Clusters.
About 6 or 8 weeks ago my Linux Firewall was breached. I've not yet healed
from the flames and burns received on this list. I had an AT&T Broadband
(Cable/MediaOne/Road Runner) connection. After the first breach, when my
machine was caught port scanning I tightened my security, closing all
services (FTP, Telnet, etc.) and put up an IPChains script that I thought
would keep God out. The logs indicated a rank amateur (they had built
themselves an ID) so I deferred reformatting and rebuilding the machine until
after Easter (my only real free time is on Sunday, the next Sunday was
Easter). Big mistake. I was in New York, and no one technical was home,
when I again got a call from AT&T. This time they told me my machine was
port scanning again (remember no one was home) and that my service would be
TERMINATED FOREVER with no hope of getting it back. They did absolutely
nothing to try to help me find the intruder, and most on this list seem to
think that appropriate. I don't agree. I'm still without my broadband
connection, although I've since made other arrangements.
The general consensus is that if you're not willing to spend several hours a
week maintaining your machine, then it shouldn't be on the Internet. Reports
abound, even on dial up connections, of going on line and immediately being
probed for vulnerabilities.
I for one have given up on Linux in any but a Server role. I tried Microsoft
"Internet Connection Sharing" for a while but it's just too flaky. The
machine checked as being very secure but I applied some M$ security updates
anyway (I needed them for another program (an IPSec Tunnel) that I wanted to
run). It completely fried ICS and I gave up. I went to CompUSA and bought a
Linksys Router/Gateway/Switch and have been delighted. It also checks as
being extremely secure. (Go to:
http://www.linuxgazette.com/issue65/stumpel.html and read chapter 4 "How safe
is your network" and it will list several sites that will probe your site for
you. Note that you can only probe yourself.). The unit has been working
flawlessly, including IPSec Passthrough (which I needed for my VPN) and NAT /
DMZ. NAT is very standard and allows specific ports to be forwarded to a
machine within the home network. DMZ (a term not appropriately used) allows
you to take one machine and make it appear as if it's natively on the
Internet (or so they claim). The DLink unit has similar capabilities,
although they don't do IPSec Passthrough yet. What I really wanted was the
DLink Wireless Router/Gateway/Switch. Oh well.
I hope this helps. I do strongly recommend that you immediately pull your
machine off of the Internet unless you're extremely knowledgeable in Linux
Security and you have the time to spend reviewing security updates and
applying them. The Internet is a nasty place (which I couldn't live
without), rather like the wild west and the consequences of your system being
penetrated could be severe. IMHO it's far better to pay $129 bucks (or less
if you can get a good deal) and let another company, that specializes in
building a security machine, manage the headaches.
Greg wrote:
> After a small stay a couple years ago, I fell out of Linux until last
> week when I installed Red Hat 7 on a P2 300 that I had lying around. I
> hooked it right up to my cable modem and everything seemed to be working.
>
> Within 20 minutes of it being on the WAN I noticed I got a hit to my FTP
> server (which I hadn't shut down yet), so I promptly changed a bunch of
> permissions and shut down every service I didn't need (ftp, telnet,
> sendmail). About an hour later I noticed that my root account had mail, so
> I checked it. There were two duplicate messages that had been rejected
> by the receiver for having exceeded quota, but they were addressed from
> root@myhost. The alarming part was the content of the messages, which
> included my password file (I'm not running yp yet), my bash history, full
> netstat info, processes running, modules loaded, pretty much everything
> one needs to know about my computer. I sure as hell didn't send these
> emails. Immediately I went to check system log files, and to my surprise
> the gnome syslog viewer reported 2 errors: "no log files to open" and
> "var/log/messages" not a file. What the hell happened to my computer?
>
> And problem number two, I want to set this machine up as a gateway and I
> can't get it to recognize my second card. The card is a tulip based
> Netgear FA310TX. On boot I get the message "eth1: Delaying
> initialization SIOCADDRT: Device not found [FAILED]". Can anyone get me
> in the right direction for getting this card to work? The working card
> in my machine is a Linksys LNE100TX, which I happen to have two of, so I put
> the second Linksys in and still got that error, so I just put the FA310TX
> back in.
>
> Be easy on me, I'm apparently sickeningly new at this. :-)
>
> Thanks,
>
> Greg
**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************