3/22 SHIT! My linux gateway running ipchains got cracked.
How? --PeterM
\_ Run a BSD. Any BSD. No, really. Linux sucks.
\_ How about:
BSD security >> Linux security, but Linux is getting there
\- realistically i think there are just more linux
root kits floating around. same reason more solaris
boxes get cracked than say ultrix.irix machines. --psb
\_ In my experience, VMS security >> HP security >>
SUN security >> IRIX security >> Linux security >>
Windows security. IRIX really sucks and SGI ships
the OS wide-open. --dim
\- i work in this area so my data is based on a lot
of machines and not just on my experience. most people
cracking systems are just trying a lot of doors and
aren't picking locks. the doors they usually get into
aren't necessarily the easiest ones to pick but the
ones with the most spare keys floating around or the
most likely to have been left unlocked. VMS machines
aren't cracked because very few people have access
to them, or sources etc. i agree solaris security is
better than irix security but there are more suns
and more people have access to suns ... hence more
solaris root kits. a lot of the weenie crackers
don't even know the difference ... you see people
using solaris eject cracks on irix machines all the
time. you know you are dealing with a clown when a
cracker's editor of choice is pico. [which it is
more and more often these days] --psb
\_ I agree completely. I just wanted to point out
how much IRIX sucks. --dim
\- back in the old days suns used to "ship"
with + in /etc/hosts.equiv. it only took a few years
for sun to admit they had their head up their ass on
that one. SGI was even more intransigent about the
lp/guest etc accounts. whenever you would complain to
SGI they would either point to "small print" or defend
what they did with "we know better" ... well apparently
"the market" knew better. --psb
\_ sendmail, dns, irc, ftp, what else are you running?
\_ no ftp, irc. Running sendmail as an smtp server for
the internal network, but blocking connections from
outside. Running DNS. Nothing else that I know of
offhand.
\_ move DNS serving to an internal machine. This
will take some of the load off and also close
a potential security hole. I also switched to
postfix which seems to be more secure than
sendmail.
\_ In recent history, all of those other daemons have
had a lot more security problems than sendmail.
\_ I haven't seen as many CERT warnings
about postfix as for sendmail and
qmail.
\- what version of named? are you running named
unprivileged and chrooted? this was a common attack
on freebsd. --psb
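The two questions psb asks (is named running unprivileged, and is it chrooted?) can be answered from /proc on a Linux box. The script below is an added example, not code from this thread or from BIND: judge_named takes a process's effective uid and its root path and returns a verdict, and audit_live (a hypothetical name) walks /proc to apply it to every running named. Reading /proc/PID/root for a process you don't own requires root.

```shell
#!/bin/sh
# Added example (not from the thread): audit whether BIND's "named" is running
# as an unprivileged user inside a chroot jail, using Linux /proc.

# judge_named EFFECTIVE_UID ROOT_PATH -> prints a comma-separated verdict.
judge_named() {
    uid="$1"
    root="$2"
    # uid 0 means a hole in named is a root hole on the gateway.
    if [ "$uid" -eq 0 ]; then
        verdict="runs-as-root"
    else
        verdict="unprivileged"
    fi
    # A root of "/" means no chroot: the daemon sees the whole filesystem.
    if [ "$root" = "/" ]; then
        verdict="$verdict,not-chrooted"
    else
        verdict="$verdict,chrooted:$root"
    fi
    printf '%s\n' "$verdict"
}

# audit_live (hypothetical helper): apply judge_named to every named process.
audit_live() {
    found=0
    for dir in /proc/[0-9]*; do
        pid=${dir#/proc/}
        comm=$(cat "/proc/$pid/comm" 2>/dev/null) || continue
        [ "$comm" = "named" ] || continue
        found=1
        # /proc/PID/status "Uid:" line: real, effective, saved, fs; $3 is effective.
        uid=$(awk '/^Uid:/ {print $3}' "/proc/$pid/status")
        # /proc/PID/root is a symlink to the process's root directory.
        root=$(readlink "/proc/$pid/root" 2>/dev/null || echo "?")
        printf 'pid %s: %s\n' "$pid" "$(judge_named "$uid" "$root")"
    done
    [ "$found" -eq 1 ] || echo "no named process found"
}

# Run with --live to audit the machine; "named -v" prints the BIND version
# so it can be compared against current advisories.
if [ "${1-}" = "--live" ]; then
    audit_live
fi
```

A result of `runs-as-root,not-chrooted` is the worst case for a gateway; the fix is to start named with `-u` for an unprivileged user and `-t` for a chroot directory (both long-standing BIND options), then re-run the audit.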
\_ what are your rules? wuftpd supposedly has some buffer
overflow exploits.
\_ "no ftp"?
\_ RedHat 6.1?
\_ an inside job?
\_ a blown job?