Wow, this is apparently the consensus. Off it goes, this was kind of an 
experiment anyways. The true purpose of this machine was to gateway and 
run a Halflife/CS Server and maybe an hlstats website. (Anyone who's 
played knows what I'm talking about.) I was trying to avoid sinking $175 
into a Zyxel or SOHOware Router, but I guess that is the case. From what 
I've heard I should stay away from the popular brands (Linksys, D-Link, 
Netgear) when it comes to purchasing a broadband router, and spend the 
extra cash on a SOHO quality or greater piece of hardware. I guess I'll 
just run my servers from behind the firewall. Thanks for the advice, 
next time I email this list it will be from win2k. :-P

-Greg

[EMAIL PROTECTED] wrote:

> Hello Greg, and Welcome.  Coincidentally my name is Greg as well.  My advice
> to you is to get your machine OFF THE INTERNET.  I've no doubt the following
> will get lengthy and that it is flame bait, however it is based on what I've
> learned from this very mailing list.  Because of what I've read on this list
> I've stopped using Linux with the exception of a server, protected by a
> firewall.
> 
> First, I'm in computers and have been for over 20 years.  I'm not a *nix hack
> and instead grew up and was trained on DOS, OS/2 and WinBlows (which I've
> never liked, yet use it on most of my desktops).  I work for a Vice President
> of a very large company and my job is to drive Linux, specifically Linux
> Clusters.
> 
> About 6 or 8 weeks ago my Linux Firewall was breached.  I've not yet healed
> from the flames and burns received on this list.  I had an AT&T Broadband
> (Cable/MediaOne/Road Runner) connection.  After the first breach, when my
> machine was caught port scanning I tightened my security, closing all
> services (FTP, Telnet, etc.) and put up an IPChains script that I thought
> would keep God out.  The logs indicated a rank amateur (they had built
> themselves an ID) so I deferred reformatting and rebuilding the machine until
> after Easter (my only real free time is on Sunday, the next Sunday was
> Easter).  Big mistake.  I was in New York, and no one technical was home,
> when I again got a call from AT&T.  This time they told me my machine was
> port scanning again (remember no one was home) and that my service would be
> TERMINATED FOREVER with no hope of getting it back.  They did absolutely
> nothing to try to help me find the intruder, and most on this list seem to
> think that appropriate.  I don't agree.  I'm still without my broadband
> connection, although I've since made other arrangements.
> 
> The general consensus is that if you're not willing to spend several hours a
> week maintaining your machine, then it shouldn't be on the Internet.  Reports
> abound, even on dial up connections, of going on line and immediately being
> probed for vulnerabilities.
> 
> I for one have given up on Linux in any but a Server role.  I tried Microsoft
> "Internet Connection Sharing" for awhile but it's just too flaky.  The
> machine checked as being very secure but I applied some M$ security updates
> anyway (I needed them for another program (an IPSec Tunnel) that I wanted to
> run).  It completely fried ICS and I gave up.  I went to CompUSA and bought a
> Linksys Router/Gateway/Switch and have been delighted.  It also checks as
> being extremely secure.  (Go to:
> http://www.linuxgazette.com/issue65/stumpel.html and read chapter 4 "How safe
> is your network" and it will list several sites that will probe your site for
> you.  Note that you can only probe yourself.).  The unit has been working
> flawlessly, including IPSec Passthrough (which I needed for my VPN) and NAT /
> DMZ.  NAT is very standard and allows specific ports to be forwarded to a
> machine within the home network.  DMZ (a term not appropriately used) allows
> you to take one machine and make it appear as if it's natively on the
> Internet (or so they claim).  The DLink unit has similar capabilities,
> although they don't do IPSec Passthrough yet.  What I really wanted was the
> DLink Wireless Router/Gateway/Switch.  Oh well.
> 
> I hope this helps.  I do strongly recommend that you immediately pull your
> machine off of the Internet unless you're extremely knowledgeable in Linux
> Security and you have the time to spend reviewing security updates and
> applying them.  The Internet is a nasty place (which I couldn't live
> without), rather like the wild west and the consequences of your system being
> penetrated could be severe.  IMHO it's far better to pay $129 bucks (or less
> if you can get a good deal) and let another company, that specializes in
> building a security machine, manage the headaches.
> 
> Greg wrote:
> 
> 
>> After a small stay a couple years ago, I fell out of Linux until last
>> week when I installed Red Hat 7 on a P2 300 that I had lying around. I
>> hooked it right up to my cable modem and everything seemed to be working.
>> 
>> Within 20 minutes of it being on the WAN I noticed I got a hit to my ftp
>> server (which I hadn't shut down yet) so I promptly changed a bunch of
>> permissions and shut down every service I didn't need (ftp, telnet,
>> sendmail). About an hour later I noticed that my root account had mail, so
>> I checked it. There were two duplicate messages that had been rejected
>> by the receiver for having exceeded quota, but they were addressed from
>> root@myhost. The alarming part was the content of the messages, which
>> included my password file (I'm not running yp yet), my bash history, full
>> netstat info, processes running, modules loaded, pretty much everything
>> one needs to know about my computer. I sure as hell didn't send these
>> emails. Immediately I went to check system log files, and to my surprise
>> the gnome syslog viewer reported 2 errors: "no log files to open" and
>> "var/log/messages" not a file. What the hell happened to my computer?
>> 
>> And problem number two, I want to set this machine up as a gateway and I
>> can't get it to recognize my second card. The card is a tulip based
>> Netgear FA310Tx. On boot I get the message "eth1: Delaying
>> initialization SIOCADDRT: Device not found [FAILED]" Can anyone get me
>> in the right direction for getting this card to work? The working card
>> in my machine is a Linksys lne100tx which I happen to have two of, so I put the
>> second Linksys in and still got that error, so I just put the fa310tx
>> back in.
>> 
>> Be easy on me, I'm apparently sickeningly new at this. :-)
>> 
>> Thanks,
>> 
>> Greg
>> 
>> **********************************************************
>> To unsubscribe from this list, send mail to
>> [EMAIL PROTECTED] with the following text in the
>> *body* (*not* the subject line) of the letter:
>> unsubscribe gnhlug
>> **********************************************************

