[juneau-lug] Re: Local Windows world still suffering:
- From: "Stephen E. Bodnar" <sbodnar@xxxxxxx>
- To: juneau-lug@xxxxxxxxxxxxx
- Date: Thu, 04 Sep 2003 07:36:15 -0800
While still in Juneau, I was using an old Zyxel Prestige 300 router
as my primary firewall. It seemed to do the job at first, but I had a
few suspicious events on my network that showed somebody getting
through - my local DNS would crash once in a while, it looked more
like a poisoned cache than anything. I was running BIND 8 on SuSE 7.2
with all the updated patches. I also found a classic breach, a file
in the root home directory (can't remember the name offhand) that's
used to gain root access remotely - it's an old 1997 vintage hack
(!!!). So be careful and mindful with a Linux box too. Unfortunately,
I could never get the logging to work correctly from the Zyxel box.
It was supposed to forward a continuous text file to the Linux box,
but one of the effects of the DNS crash would be that the DNS server
could no longer connect to the Gateway router, which happened to be
the Zyxel box! The Zyxel will be retired when I get my new network up
and running here in Kodiak.
I also had a Red Hat 6.3 box (kernel 2.2.19) out in the DMZ exposed
directly to the net. It was running custom software for the ham radio
Internet Radio Linking Project (www.irlp.net). Since the software was
custom, I didn't have much control, but all TCP/IP and UUCP ports
other than SSH and the few high numbered ones for the IRLP services
were disabled. The thing ran flawlessly - it would only go down
during a power outage or hardware failure. I never saw any evidence
of compromise even though the IRLP system uses NISplus, which scares
me to death running anywhere on the net, especially outside a
firewall. The box was a Compaq Deskpro 486 - so there still is plenty
of life left for antique hardware if one has the patience to get it
running (many communication satellites are still at the 486 level - I
haven't heard of a radiation hardened Pentium yet).
I also had suspicious activity on a Mac - the PowerComputing box
running MacOS 8.1. The network stack kept getting corrupted, and it
couldn't connect to the Netatalk server or sometimes the printer.
This was odd because from what I could gather, the only real security
hole in MacOS 8.1 was if you had the Personal Web Server running - I
had uninstalled it and had tested it from the network side with the
Linux box and couldn't find any open ports. If anyone has any ideas
on this one, I'd be glad to hear about it though a Linux mailing list
may not be the correct forum...
I dumped all my Windoze boxes after getting tired of Micro$oft pawing
through everything on my hard drive every time I'd run an update - it
was really interesting to watch the network traffic at packet level
while the upgrade was under way.
Later,
Stephen
>This firewall is Linux/iptables, which is probably pretty common in
>this group. What are the other solutions on the list? Anyone with
>OpenBSD/pf?
>
>Cheers,
>
>James
- References:
- [juneau-lug] Local Windows world still suffering:
- From: James Zuelow