Hi Greg, and welcome to our humble abode....


I'm not going to waste everyone's time by reiterating what has been
said, but I would like to clarify some things:

1) Linux makes a great firewall/router. I have been running a linux
firewall on my cable modem for three years and have never had a
problem. SOHO firewall appliances are good, but if you have the
equipment and the time, you may as well save the money and do it with
Linux. Not to mention that it can be a great learning experience.

2) Learn about security. First I would suggest using RedHat 7.1 and
*NOT* 7.0 if your intention is to use RedHat. 7.1 had a lot of things
fixed, and it also has some default firewalling code that you can use
by default when you install. I also recommend picking up a copy of
"Ultimate Linux Security" or "SANS Securing Linux Step-by-Step"
(http://www.sansstore.org/Templates/frmTemplateK.asp?SubFolderID=22&SearchYN=N).
Security is a process, and it does require that you spend time.
However, if you spend the time now, you will save time in the long
run. If you want recommendations, just ask. There are a lot of people
on this list that are skilled and knowledgeable on the topic of
security.

3) Since I haven't seen anyone say it yet, from the description of
what happened, I believe you were hit with the Ramen Worm. 

4) Don't be put off by the opinions put forth on this list. We're a
bit of a spirited bunch ;-)

C-Ya,
Kenny
Greg wrote:
> 
> Wow, this is apparently the consensus. Off it goes, this was kind of an
> experiment anyways. The true purpose of this machine was to gateway and
> run a Halflife/CS Server and maybe an hlstats website. (anyone whos
> played knows what im talking about) I was trying to avoid sinking $175
> into a Zyxel or SOHOware Router, but i guess that is the case. From what
> I've heard I should stay away from the popular brands (linksys, d-link,
> netgear) when it comes to purchasing a broadband router, and spend the
> extra cash on a SOHO quality or greater piece of hardware. I guess ill
> just run my servers from behind the firewall. thanks for the advice,
> next time i email this list it will be from win2k. :-P
> 
> -Greg
> 
> [EMAIL PROTECTED] wrote:
> 
> > Hello Greg, and Welcome.  Coincidentally my name is Greg as well.  My advice
> > to you is to get your machine OFF THE INTERNET.  I've no doubt the following
> > will get lengthy and that it is flame bait, however it is based on what I've
> > learned from this very mailing list.  Because of what I've read on this list
> > I've stopped using Linux with the exception of a server, protected by a
> > firewall.
> >
> > First, I'm in computers and have been for over 20 years.  I'm not a *nix hack
> > and instead grew up and was trained on DOS, OS/2 and WinBlows (which I've
> > never liked, yet use it on most of my desktops).  I work for a Vice President
> > of a very large company and my job is to drive Linux, specifically Linux
> > Clusters.
> >
> > About 6 or 8 weeks ago my Linux Firewall was breached.  I've not yet healed
> > from the flames and burns received on this list.  I had an AT&T Broadband
> > (Cable/MediaOne/Road Runner) connection.  After the first breach, when my
> > machine was caught port scanning I tightened my security, closing all
> > services (FTP, Telnet, etc.) and put up an IPChains script that I thought
> > would keep God out.  The logs indicated a rank amateur (they had built
> > themselves an ID) so I deferred reformatting and rebuilding the machine until
> > after Easter (my only real free time is on Sunday, the next Sunday was
> > Easter).  Big mistake.  I was in New York, and no one technical was home,
> > when I again got a call from AT&T.  This time they told me my machine was
> > port scanning again (remember no one was home) and that my service would be
> > TERMINATED FOREVER with no hope of getting it back.  They did absolutely
> > nothing to try to help me find the intruder, and most on this list seem to
> > think that appropriate.  I don't agree.  I'm still without my broadband
> > connection, although I've since made other arrangements.
> >
> > The general consensus is that if you're not willing to spend several hours a
> > week maintaining your machine, then it shouldn't be on the Internet.  Reports
> > abound, even on dial up connections, of going on line and immediately being
> > probed for vulnerabilities.
> >
> > I for one have given up on Linux in any but a Server role.  I tried Microsoft
> > "Internet Connection Sharing" for a while but it's just too flaky.  The
> > machine checked as being very secure but I applied some M$ security updates
> > anyway (I needed them for another program (an IPSec Tunnel) that I wanted to
> > run).  It completely fried ICS and I gave up.  I went to CompUSA and bought a
> > Linksys Router/Gateway/Switch and have been delighted.  It also checks as
> > being extremely secure.  (Go to:
> > http://www.linuxgazette.com/issue65/stumpel.html and read chapter 4 "How safe
> > is your network" and it will list several sites that will probe your site for
> > you.  Note that you can only probe yourself.).  The unit has been working
> > flawlessly, including IPSec Passthrough (which I needed for my VPN) and NAT /
> > DMZ.  NAT is very standard and allows specific ports to be forwarded to a
> > machine within the home network.  DMZ (a term not appropriately used) allows
> > you to take one machine and make it appear as if it's natively on the
> > Internet (or so they claim).  The DLink unit has similar capabilities,
> > although they don't do IPSec Passthrough yet.  What I really wanted was the
> > DLink Wireless Router/Gateway/Switch.  Oh well.
> >
> > I hope this helps.  I do strongly recommend that you immediately pull your
> > machine off of the Internet unless you're extremely knowledgeable in Linux
> > Security and you have the time to spend reviewing security updates and
> > applying them.  The Internet is a nasty place (which I couldn't live
> > without), rather like the wild west and the consequences of your system being
> > penetrated could be severe.  IMHO it's far better to pay $129 bucks (or less
> > if you can get a good deal) and let another company, that specializes in
> > building a security machine, manage the headaches.
> >
> > Greg wrote:
> >
> >
> >> After a small stay a couple years ago, i fell out of linux until last
> >> week when i installed redhat 7 on a p2 300 that i had lying around. I
> >> hooked it right up to my cable modem and everything seemed to be working.
> >>
> >> Within 20 minutes of it being on the WAN i noticed I got a hit to my ftp
> >> server (which I hadnt shutdown yet) so i promptly changed a bunch of
> >> permissions and shut down every service I didnt need (ftp, telnet,
> >> sendmail) about an hour later i noticed that my root accnt had mail, so
> >> I checked it. There were two duplicate messages that had been rejected
> >> by the receiver for having exceeded quota, but they were addressed from
> >> root@myhost. The alarming part was the content of the messages which
> >> included my password file (im not running yp yet) my bash history, full
> >> netstat info, processes running, modules loaded, pretty much everything
> >> one needs to know about my computer. I sure as hell didnt send these
> >> emails. Immediately I went to check system log files, and to my surprise
> >> the gnome syslog viewer reported 2 errors: "no log files to open" and
> >> "var/log/messages" not a file. What the hell happened to my computer?
> >>
> >> And problem number two, I want to set this machine up as a gateway and I
> >> cant get it to recognize my second card. The card is a tulip based
> >> netgear FA310Tx. On boot i get the message "eth1: Delaying
> >> initialization SIOCADDRT: Device not found [FAILED]" Can anyone get me
> >> in the right direction for getting this card to work? the working card
> >> in my machine is a linksys lne100tx which I happen to have two of, so i put the
> >> second linksys in and still got that error, so i just put the fa310tx
> >> back in.
> >>
> >> be easy on me, im apparently sickeningly new at this. :-)
> >>
> >> Thanks,
> >>
> >> Greg
> >>

-- 
---------------------------------------------------
 Kenneth E. Lussier
 Geek by nature, Linux by choice
 PGP KeyID 0xD71DF198
 Public key available @ http://pgp.mit.edu

**********************************************************
To unsubscribe from this list, send mail to
[EMAIL PROTECTED] with the following text in the
*body* (*not* the subject line) of the letter:
unsubscribe gnhlug
**********************************************************
