On Tue, 29 Jun 1999, Alex Miller wrote:
> > And why SHOULD anyone care about your hacker troubles, and your lack
> > of a firewall, and your overwhelming email traffic? Would you like
> > someone to read your email to you, or build you a firewall?
> Well, I certainly do. He seemed to describe already having "4 redundant
> firewalls" whatever that means.

John from NM doesn't want to hear about off topic cracker headaches. 
It's ok, John, they'll be coming your way soon enough.  I'm sure he is
aware of Rt 66 and the happy hacker.  It's lame when you call an ISP for
weeks wondering why you can't get your email or something and all they
will tell you is that they're doing maintenance or upgrades and it will
be back real soon now -- when the truth is they've been cracked.

> My system has a firewall on it, which was installed when I first got my
> Linux setup. I have done everything myself except for this firewall. For
> several days now I've been reading up on Unix security and firewalls, since
> it seems that my firewall is controlling ports that are handled by the
> tcpserver that I installed with QMail. I think that the restrictions of the
> firewall are the reason I was getting side-effect problems when installing
> the Memphis RPM, such as the default behavior of telnet changing!

This list appears to have a very low tolerance for many things and also
has a very narrow definition of what is on topic.  To me, getting qmail
working with/through a firewall is on topic.  The hows and the whys of
needing a firewall can easily be ignored.

Along those lines, I previously asked about having qmail masquerade as
the domain and strip out all (specified) headers on the mail relay hub
as this would help hide internal information.  So, guys, tell me
what machine I am on now... see, I want to stop that information from
getting out.   I do remember the response to that one -- thanks guys --
it just seemed really complicated -- as soon as the other issues are
taken care of, I will probably try to implement that qmail solution on a
test machine.

Your system has a firewall on it, because you have linux.  I run
Solaris.  In fact, I run Solaris 7.  I have not found a decent/free
firewall that will help protect each machine individually like
ipfw/ipfwadm(ipchains) will protect a linux machine.  Since I am an
idiot, I'm sure the people on this list will quickly point out where I
am wrong about this -- but that is fine, because then I will benefit
from this information.  I am also not made of money.  I didn't have a
slew of PCs sitting around ready for a firewall to be put on them.

I had a single firewall in place, but it does little good if there are
still open holes past the firewall (ie: remote DNS shell to a linux box
in the next apartment, remote statd for sparc, remote ttdb for sparc,
someone logs into a machine on this net from offsite and the offsite is
compromised such that the repeat use password is not captured, etc.) and
then the net is flat (allows sniffing or attacks to other hosts that
were previously blocked at the firewall), etc.

> I am "functioning", that is I can run QMail and EZMLM (but not remote pop3)
> but I am very much studying the issue of UNIX security and QMail setups.
> Also, I am working closely with a client www.hatewatch.org who keeps track
> of hate sites on the internet, (racist sites, anti-women, anti-gay, etc.)
> My expectation is that my security needs in conjunction with internet
> services will be very high, so I WANT to hear the horror stories. Other
> peoples problems are my problems.

Well, you will probably be a target at some point.  I am a target for
various reasons.  It really doesn't matter why -- the kiddies like to
play and the authorities don't care and are impotent anyway.

What are redundant firewalls?  Sorry, I don't know the terminology for
it -- it's the fact that I don't just have one border firewall
(anymore), but several and several borders.  If a kiddie  gets inside
the net, it's still not possible to talk to other hosts inside the net
or sniff the entire net.

You have linux on your box and a firewall -- are you also using dialup
and a single dynamic or static IP?  I have a class C... currently with 9
machines in my apartment and at least that many in the next (I also have
remote pop as well as dialup)  -- any one of these machines could be
compromised and lead to an attack from within the network.

If nothing else, if you remove rcpthosts or are an open relay -- then
depending on how much mail you send out and where you send it, you might
become listed on the spammer's open-relay lists. 

It isn't considered a security issue for qmail -- but if users can write
a .qmail file (ie: no shell, but ftp), they might as well have a shell. 
Does sendwhale still allow piping to a program/shell?

> Alex (my brain hurts from reading so many words) Miller

Alex, we can take it to private messages.  I can certainly help you with
your remote pop or any other firewall issue[s] you might have.  I'm sure
you're aware of all the remote pop issues of the past.  Anyway, if
you're interested in chatting, please send me a message.

Scott
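
Added example, not part of the original message: the point above about .qmail files (an account with no shell but FTP write access can still have commands run for it through a program delivery line) can be checked by classifying each .qmail line the way dot-qmail(5) describes and flagging "|" lines owned by no-login accounts. The shell list, the account tuples and the sample files are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: shells that mean "this account is not supposed to run commands".
NOLOGIN_SHELLS = {"/bin/false", "/sbin/nologin", "/usr/sbin/nologin"}

def classify(line):
    """Delivery type of one .qmail line, following dot-qmail(5)."""
    if not line.strip():
        return "blank"
    first = line[0]
    if first == "#":
        return "comment"
    if first == "|":
        return "program"      # qmail-local hands the rest of the line to sh -c
    if first in "/.":
        return "maildir" if line.rstrip().endswith("/") else "mbox"
    return "forward"          # "&addr" or a bare address

def audit(accounts):
    """accounts: (user, home, shell) tuples. Returns (user, file, line_no,
    command) for each program delivery owned by a no-login account."""
    findings = []
    for user, home, shell in accounts:
        if shell not in NOLOGIN_SHELLS or not os.path.isdir(home):
            continue
        for name in sorted(os.listdir(home)):
            if name != ".qmail" and not name.startswith(".qmail-"):
                continue
            with open(os.path.join(home, name), errors="replace") as fh:
                for no, line in enumerate(fh, 1):
                    if classify(line) == "program":
                        findings.append((user, name, no, line.strip()))
    return findings

def demo():
    with tempfile.TemporaryDirectory() as root:
        files = {("ftponly", ".qmail"): "# constructed\n./Maildir/\n|/home/ftponly/bin/filter\n",
                 ("ftponly", ".qmail-list"): "&someone@example.com\n",
                 ("shelluser", ".qmail"): "|preline procmail\n"}
        for (user, name), body in files.items():
            os.makedirs(os.path.join(root, user), exist_ok=True)
            with open(os.path.join(root, user, name), "w") as fh:
                fh.write(body)
        return audit([("ftponly", os.path.join(root, "ftponly"), "/bin/false"),
                      ("shelluser", os.path.join(root, "shelluser"), "/bin/bash")])

if __name__ == "__main__":
    print(demo())
```

On a real host the account tuples would come from the passwd database, and any finding means the "no shell" restriction on that account is not actually preventing command execution.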
